forked from molecule-ai/molecule-core
54bb543ff7
1. Settings panel: wire TokensTab into "API Tokens" tab (was imported but not rendered). Rename "API Keys" → "Secrets", add "API Tokens" tab. Fix docs link → doc.moleculesai.app/docs/tokens. 2. Referer match hardening: require exact host match or trailing slash to prevent evil.com subdomain bypass. Cache CANVAS_PROXY_URL at init time instead of per-request os.Getenv. 3. Extract shared deriveWsBaseUrl() to lib/ws-url.ts — eliminates duplicate 12-line derivation in socket.ts and TerminalTab.tsx. 4. Token list pagination: add ?limit= and ?offset= params (default 50, max 200) to GET /workspaces/:id/tokens. 507/507 canvas tests pass, Go build + vet clean. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
38 lines
1.0 KiB
Bash
38 lines
1.0 KiB
Bash
#!/bin/sh
|
|
# Tenant entrypoint — starts both Go platform (API) and Canvas (UI).
|
|
#
|
|
# Go platform listens on :8080 (Fly health checks hit this port).
|
|
# Canvas Node.js listens on :3000 (internal only).
|
|
# The Go platform's fallback handler proxies non-API routes to :3000
|
|
# so the browser only ever talks to :8080.
|
|
#
|
|
# If either process dies, we kill the other and exit non-zero so Fly
|
|
# restarts the machine.
|
|
|
|
set -e
|
|
|
|
# Start Canvas in background
|
|
cd /canvas
|
|
PORT=3000 HOSTNAME=0.0.0.0 node server.js &
|
|
CANVAS_PID=$!
|
|
|
|
# Start Go platform in foreground-ish (we trap signals)
|
|
# CANVAS_PROXY_URL tells the platform to proxy unmatched routes to Canvas.
|
|
export CANVAS_PROXY_URL="${CANVAS_PROXY_URL:-http://localhost:3000}"
|
|
cd /
|
|
/platform &
|
|
PLATFORM_PID=$!
|
|
|
|
# If either process exits, kill the other
|
|
cleanup() {
|
|
kill $CANVAS_PID 2>/dev/null || true
|
|
kill $PLATFORM_PID 2>/dev/null || true
|
|
}
|
|
trap cleanup EXIT SIGTERM SIGINT
|
|
|
|
# Wait for either to exit — whichever exits first triggers cleanup
|
|
wait -n $CANVAS_PID $PLATFORM_PID
|
|
EXIT_CODE=$?
|
|
cleanup
|
|
exit $EXIT_CODE
|