fix(dev): Vite-API-Proxy, Auth, Stripe-Mails und Backend-Erweiterungen

- Client: API-Basis-URL (joinApiUrl, /v1-Falle), Vite strictPort + Proxy 127.0.0.1, Nicht-JSON-Fehler - Server: /api-404 ohne Wildcard-Bug, SPA-Fallback, Auth-Middleware, Cron, Mailer, Crypto - Routen: OAuth-State, Email/Stripe/Analytics; client/.env.example Made-with: Cursor
2026-04-03 00:23:01 +02:00
parent 61008b63bb
commit ecae89a79d
33 changed files with 1663 additions and 550 deletions
--- a/client/vite.config.ts
+++ b/client/vite.config.ts
@@ -1,27 +1,53 @@
-import { defineConfig } from 'vite'
+import { defineConfig, loadEnv } from 'vite'
 import react from '@vitejs/plugin-react'
 import tailwindcss from '@tailwindcss/vite'
 import path from 'path'

 // https://vite.dev/config/
-export default defineConfig({
-  plugins: [react(), tailwindcss()],
-  resolve: {
-    alias: {
-      '@': path.resolve(__dirname, './src'),
+export default defineConfig(({ mode }) => {
+  const env = loadEnv(mode, __dirname, '')
+  const appwriteDevOrigin = (env.APPWRITE_DEV_ORIGIN || '').replace(/\/$/, '')
+  // 127.0.0.1 avoids Windows localhost → IPv6 (::1) vs backend listening on IPv4-only
+  const apiDevTarget = (env.VITE_DEV_API_ORIGIN || 'http://127.0.0.1:3000').replace(
+    /\/$/,
+    ''
+  )
+
+  const proxy: Record<
+    string,
+    { target: string; changeOrigin: boolean; secure?: boolean }
+  > = {
+    '/api': {
+      target: apiDevTarget,
+      changeOrigin: true,
    },
-  },
-  server: {
-    port: 5173,
-    proxy: {
-      '/api': {
-        target: 'http://localhost:3000',
-        changeOrigin: true,
-      },
-      '/stripe': {
-        target: 'http://localhost:3000',
-        changeOrigin: true,
+    '/stripe': {
+      target: apiDevTarget,
+      changeOrigin: true,
+    },
+  }
+
+  // Dev: Browser → localhost:5173/v1/* → Appwrite (umgeht CORS, wenn die Console nur z. B. webklar.com erlaubt)
+  if (mode === 'development' && appwriteDevOrigin) {
+    proxy['/v1'] = {
+      target: appwriteDevOrigin,
+      changeOrigin: true,
+      secure: true,
+    }
+  }
+
+  return {
+    plugins: [react(), tailwindcss()],
+    resolve: {
+      alias: {
+        '@': path.resolve(__dirname, './src'),
      },
    },
-  },
+    server: {
+      port: 5173,
+      // Wenn 5173 schon belegt ist, nicht still auf einen anderen Port wechseln — sonst öffnet man oft noch die alte URL und bekommt für /api 404.
+      strictPort: true,
+      proxy,
+    },
+  }
 })