From 3011d77caf1075f6bd7ea81855d43fb1c8f8af77 Mon Sep 17 00:00:00 2001
From: Wuesteon <nils.weiser@outlook.com>
Date: Mon, 15 Dec 2025 14:13:00 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20refactor(contacts,zitare):?=
 =?UTF-8?q?=20use=20dynamic=20runtime=20URLs=20in=20auth=20stores?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace hardcoded localhost URLs with dynamic getAuthUrl() and
getBackendUrl() functions that:
- Read from injected window variables in client-side code
- Fall back to process.env for SSR
- Default to localhost for local development

This ensures proper URL resolution in Docker/production environments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../apps/web/src/lib/stores/auth.svelte.ts    | 29 ++++++++++++++++---
 .../apps/web/src/lib/stores/auth.svelte.ts    | 29 +++++++++++++++----
 2 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/apps/contacts/apps/web/src/lib/stores/auth.svelte.ts b/apps/contacts/apps/web/src/lib/stores/auth.svelte.ts
index b78d148f4..4582f599b 100644
--- a/apps/contacts/apps/web/src/lib/stores/auth.svelte.ts
+++ b/apps/contacts/apps/web/src/lib/stores/auth.svelte.ts
@@ -6,8 +6,29 @@
 import { browser } from '$app/environment';
 import { initializeWebAuth } from '@manacore/shared-auth';
 import type { UserData } from '@manacore/shared-auth';
-import { MANA_AUTH_URL } from '$lib/api/config';
-const BACKEND_URL = 'http://localhost:3015';
+
+// Get auth URL dynamically at runtime - fallback for SSR and client
+function getAuthUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		// Client-side: use injected window variable (set by hooks.server.ts)
+		// Falls back to localhost for local development
+		const injectedUrl = (window as unknown as { __PUBLIC_MANA_CORE_AUTH_URL__?: string })
+			.__PUBLIC_MANA_CORE_AUTH_URL__;
+		return injectedUrl || 'http://localhost:3001';
+	}
+	// Server-side (SSR): use Docker internal URL for container-to-container communication
+	return process.env.PUBLIC_MANA_CORE_AUTH_URL || 'http://localhost:3001';
+}
+
+// Get backend URL dynamically at runtime
+function getBackendUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		const injectedUrl = (window as unknown as { __PUBLIC_BACKEND_URL__?: string })
+			.__PUBLIC_BACKEND_URL__;
+		return injectedUrl || 'http://localhost:3015';
+	}
+	return process.env.PUBLIC_BACKEND_URL || 'http://localhost:3015';
+}
 
 // Lazy initialization to avoid SSR issues with localStorage
 let _authService: ReturnType<typeof initializeWebAuth>['authService'] | null = null;
@@ -17,8 +38,8 @@ function getAuthService() {
 	if (!browser) return null;
 	if (!_authService) {
 		const auth = initializeWebAuth({
-			baseUrl: MANA_AUTH_URL,
-			backendUrl: BACKEND_URL, // Enables automatic token refresh on 401 responses
+			baseUrl: getAuthUrl(),
+			backendUrl: getBackendUrl(), // Enables automatic token refresh on 401 responses
 		});
 		_authService = auth.authService;
 		_tokenManager = auth.tokenManager;
diff --git a/apps/zitare/apps/web/src/lib/stores/auth.svelte.ts b/apps/zitare/apps/web/src/lib/stores/auth.svelte.ts
index 688e7e17f..03771a80c 100644
--- a/apps/zitare/apps/web/src/lib/stores/auth.svelte.ts
+++ b/apps/zitare/apps/web/src/lib/stores/auth.svelte.ts
@@ -7,9 +7,28 @@ import { browser } from '$app/environment';
 import { initializeWebAuth } from '@manacore/shared-auth';
 import type { UserData } from '@manacore/shared-auth';
 
-// Initialize Mana Core Auth only on the client side
-const MANA_AUTH_URL = 'http://localhost:3001';
-const BACKEND_URL = 'http://localhost:3007';
+// Get auth URL dynamically at runtime - fallback for SSR and client
+function getAuthUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		// Client-side: use injected window variable (set by hooks.server.ts)
+		// Falls back to localhost for local development
+		const injectedUrl = (window as unknown as { __PUBLIC_MANA_CORE_AUTH_URL__?: string })
+			.__PUBLIC_MANA_CORE_AUTH_URL__;
+		return injectedUrl || 'http://localhost:3001';
+	}
+	// Server-side (SSR): use Docker internal URL for container-to-container communication
+	return process.env.PUBLIC_MANA_CORE_AUTH_URL || 'http://localhost:3001';
+}
+
+// Get backend URL dynamically at runtime
+function getBackendUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		const injectedUrl = (window as unknown as { __PUBLIC_BACKEND_URL__?: string })
+			.__PUBLIC_BACKEND_URL__;
+		return injectedUrl || 'http://localhost:3007';
+	}
+	return process.env.PUBLIC_BACKEND_URL || 'http://localhost:3007';
+}
 
 // Lazy initialization to avoid SSR issues with localStorage
 let _authService: ReturnType<typeof initializeWebAuth>['authService'] | null = null;
@@ -19,8 +38,8 @@ function getAuthService() {
 	if (!browser) return null;
 	if (!_authService) {
 		const auth = initializeWebAuth({
-			baseUrl: MANA_AUTH_URL,
-			backendUrl: BACKEND_URL, // Enables automatic token refresh on 401 responses
+			baseUrl: getAuthUrl(),
+			backendUrl: getBackendUrl(), // Enables automatic token refresh on 401 responses
 		});
 		_authService = auth.authService;
 		_tokenManager = auth.tokenManager;