fixed

Author: TheCommandCat

apps/frontend/lib/utils/fetch.ts

@@ -2,19 +2,21 @@ import { SafeUser } from '@mtes/types';
 import { GetServerSidePropsContext } from 'next';
 
 export const getApiBase = (isServerSide: boolean = false): string => {
-  const publicApiUrl = process.env.NEXT_PUBLIC_API_URL ?? 'http://localhost:3333';
+  // For client-side requests, use empty string to go through Next.js rewrites (same origin)
+  // For server-side requests (SSR), use the internal API URL directly
+  if (!isServerSide) {
+    return ''; // Client-side: use relative URLs, Next.js rewrites handle the proxy
+  }
   const internalApiUrl = process.env.INTERNAL_API_URL ?? 'http://backend:3333';
-
-  // Use internal API URL for server-side rendering, public API URL for client-side
-  return isServerSide ? internalApiUrl : publicApiUrl;
+  return internalApiUrl;
 };
 
 export const apiFetch = (
   path: string,
   init?: RequestInit | undefined,
   ctx?: GetServerSidePropsContext
 ): Promise<Response> => {
-  let headers = { ...init?.headers };
+  let headers: Record<string, string> = { ...(init?.headers as Record<string, string>) };
   if (ctx) {
     let token: string | undefined = undefined;
     const authHeader = ctx.req.headers.authorization as string;
@@ -25,7 +27,12 @@ export const apiFetch = (
     }
     // Only add Authorization header if token exists
     if (token) {
-      headers = { Authorization: `Bearer ${token}`, ...init?.headers };
+      headers['Authorization'] = `Bearer ${token}`;
+    }
+    // Forward cookies from the incoming request for SSR
+    const cookieHeader = ctx.req.headers.cookie;
+    if (cookieHeader) {
+      headers['Cookie'] = cookieHeader;
     }
   }
   // Use server-side URL when we have server context (SSR), client-side URL otherwise

apps/frontend/next.config.js

@@ -10,21 +10,41 @@ const nextConfig = {
   nx: {
     // Set this to true if you would like to to use SVGR
     // See: https://github.com/gregberge/svgr
-    svgr: false,
+    svgr: false
   },
 
   compiler: {
     // For other options, see https://nextjs.org/docs/architecture/nextjs-compiler#emotion
-    emotion: true,
+    emotion: true
   },
 
   // Enable standalone output for better Docker deployment
   output: 'standalone',
+
+  // Proxy API requests to the backend so cookies work on the same origin
+  async rewrites() {
+    const backendUrl =
+      process.env.INTERNAL_API_URL || process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3333';
+    return [
+      {
+        source: '/auth/:path*',
+        destination: `${backendUrl}/auth/:path*`
+      },
+      {
+        source: '/api/:path*',
+        destination: `${backendUrl}/api/:path*`
+      },
+      {
+        source: '/public/:path*',
+        destination: `${backendUrl}/public/:path*`
+      }
+    ];
+  }
 };
 
 const plugins = [
   // Add more Next.js plugins to this list if needed.
-  withNx,
+  withNx
 ];
 
 module.exports = composePlugins(...plugins)(nextConfig);