@dubeyvishal/orbital-cli 1.4.9 → 1.6.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/server/src/config/env.js +1 -1
  3. package/server/src/index.js +15 -2
  4. package/server/src/lib/auth.js +2 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dubeyvishal/orbital-cli",
3
- "version": "1.4.9",
3
+ "version": "1.6.9",
4
4
  "description": "A fullstack CLI-based AI platform with chat mode, multi-tool agents, and agentic AI workflows. Includes GitHub login with device authorization, secure authentication, and modular client–server architecture for building intelligent automation tools.",
5
5
  "author": "Vishal Dubey",
6
6
  "license": "MIT",
package/server/src/config/env.js CHANGED
@@ -8,7 +8,7 @@ const __dirname = path.dirname(__filename);
8
8
  // Load env from the server package root (server/.env) regardless of where the process is started.
9
9
  const serverEnvPath = path.resolve(__dirname, "../../.env");
10
10
 
11
- dotenv.config({ path: serverEnvPath });
11
+ dotenv.config({ path: serverEnvPath, quiet: true });
12
12
 
13
13
  // Note: The Gemini API key is stored in the OS credential manager via keytar.
14
14
  // CLI code will hydrate GOOGLE_GENERATIVE_AI_API_KEY from keytar when needed.
package/server/src/index.js CHANGED
@@ -16,15 +16,28 @@ const CLIENT_ORIGIN = FRONTEND_URL;
16
16
 
17
17
  app.use(express.json());
18
18
 
19
+ // ── CORS: single source of truth for every route ──────────────────────
19
20
  app.use(
20
21
  cors({
21
22
  origin: CLIENT_ORIGIN,
22
- methods: ["GET", "POST", "PUT", "DELETE"],
23
+ methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
23
24
  credentials: true,
24
25
  })
25
26
  );
26
27
 
27
- app.all("/api/auth/*splat", toNodeHandler(auth));
28
+ // Wrap the better-auth handler so it can never override the origin with "*".
29
+ const authHandler = toNodeHandler(auth);
30
+ app.all("/api/auth/*splat", (req, res) => {
31
+ const _setHeader = res.setHeader.bind(res);
32
+ res.setHeader = function (name, value) {
33
+ // Force the correct origin for any CORS header better-auth sets.
34
+ if (name.toLowerCase() === "access-control-allow-origin") {
35
+ return _setHeader(name, CLIENT_ORIGIN);
36
+ }
37
+ return _setHeader(name, value);
38
+ };
39
+ authHandler(req, res);
40
+ });
28
41
 
29
42
  app.use("/auth", authRoutes);
30
43
 
package/server/src/lib/auth.js CHANGED
@@ -3,7 +3,7 @@ import { betterAuth } from "better-auth";
3
3
  import { prismaAdapter } from "better-auth/adapters/prisma";
4
4
  import { deviceAuthorization } from "better-auth/plugins";
5
5
  import prisma from "./db.js";
6
- import { FRONTEND_URL } from "../config/api.js";
6
+ import { API_BASE, FRONTEND_URL } from "../config/api.js";
7
7
 
8
8
  const CLIENT_ORIGIN =
9
9
  process.env.CLIENT_ORIGIN ||
@@ -15,12 +15,11 @@ export const auth = betterAuth({
15
15
  provider: "postgresql",
16
16
  }),
17
17
 
18
- baseURL: CLIENT_ORIGIN,
18
+ baseURL: API_BASE,
19
19
  basePath: "/api/auth",
20
20
 
21
21
  trustedOrigins: [CLIENT_ORIGIN],
22
22
 
23
-
24
23
  cors: {
25
24
  origin: CLIENT_ORIGIN,
26
25
  credentials: true,