From 548702890d44993c3a3a3007a7e2041d662d3d16 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Tue, 7 Jan 2025 09:58:39 -0500 Subject: [PATCH] feat: update NGINX configuration for improved proxy handling and enable social account login on GET requests --- backend/nginx.conf | 22 ++++++++-------- backend/server/main/settings.py | 2 ++ .../src/routes/_allauth/[...path]/+server.ts | 25 +++++++------------ 3 files changed, 22 insertions(+), 27 deletions(-) diff --git a/backend/nginx.conf b/backend/nginx.conf index ae9992b..002aa44 100644 --- a/backend/nginx.conf +++ b/backend/nginx.conf @@ -17,24 +17,24 @@ http { } server { - listen 80; + listen 80; # NGINX always listens on port 80 inside the container server_name localhost; location / { - proxy_pass http://server:8000; # Forward to internal Gunicorn server - proxy_set_header Host $host; # Forward Host header from the request - proxy_set_header X-Real-IP $remote_addr; # Forward real IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Forward original IP - proxy_set_header X-Forwarded-Proto $scheme; # Forward the protocol - proxy_set_header X-Forwarded-Host $host; # Forward the Host header + proxy_pass http://server:8000; # Explicitly forward to Django service + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } + location /static/ { - alias /code/staticfiles/; + alias /code/staticfiles/; # Serve static files directly } location /media/ { - alias /code/media/; + alias /code/media/; # Serve media files directly } -} -} + } +} \ No newline at end of file diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py index 2b23b99..349f7bc 100644 --- a/backend/server/main/settings.py +++ b/backend/server/main/settings.py 
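Review bot: With `listen 80` as the only listener, the retained `proxy_set_header X-Forwarded-Proto $scheme;` will always send `http`, so if TLS is terminated in front of this container (which the new comment "always listens on port 80 inside the container" suggests) Django will treat every request as insecure — `request.is_secure()`, secure-cookie flags and any `SECURE_PROXY_SSL_HEADER` logic all key off this header. If an outer proxy is the only way to reach nginx, derive the scheme from that hop with a fallback to `$scheme` when the header is absent; if nginx is directly reachable, keep `$scheme` and say in a comment that TLS is expected to be handled elsewhere, because trusting a client-settable `X-Forwarded-Proto` would let a plain-HTTP caller claim https. Note also that `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so only `X-Real-IP` (`$remote_addr`) is a trustworthy client address upstream — worth stating on those two lines now that their comments were removed. The `map` below belongs in the `http {}` block, outside `server {}`.
```nginx
# Take X-Forwarded-Proto only from the hop in front of us; fall back to what we saw.
map $http_x_forwarded_proto $forwarded_proto {
    default $scheme;
    https   https;
    http    http;
}

# … unchanged: server { listen 80; server_name localhost; location / { proxy_pass … } …

            proxy_set_header X-Forwarded-Proto $forwarded_proto;
```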
@@ -186,6 +186,8 @@ FRONTEND_URL = getenv('FRONTEND_URL', 'http://localhost:3000') # Set login redirect URL to the frontend LOGIN_REDIRECT_URL = FRONTEND_URL +SOCIALACCOUNT_LOGIN_ON_GET = True + HEADLESS_FRONTEND_URLS = { "account_confirm_email": f"{FRONTEND_URL}/user/verify-email/{{key}}", "account_reset_password": f"{FRONTEND_URL}/user/reset-password", diff --git a/frontend/src/routes/_allauth/[...path]/+server.ts b/frontend/src/routes/_allauth/[...path]/+server.ts index 4d6bc32..681a3fa 100644 --- a/frontend/src/routes/_allauth/[...path]/+server.ts +++ b/frontend/src/routes/_allauth/[...path]/+server.ts 
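Review bot: `SOCIALACCOUNT_LOGIN_ON_GET = True` removes the POST requirement on allauth's provider-login endpoints, so any third-party page can start the OAuth handshake for a visitor with a plain link or image tag (a login-CSRF / forced-login vector); allauth ships this as False and, as far as I recall, its docs call the POST requirement the more secure choice. Nothing in the diff says why GET is needed, and the frontend handlers changed in this same commit already forward POST/PATCH/PUT/DELETE through `handleRequest`, so the cleaner option may be to keep the default and POST to the login endpoint from the frontend. If GET really is required, pin the reasoning next to the setting and confirm that whatever post-login redirect parameter the provider-login URL accepts is constrained to `FRONTEND_URL`: `SOCIALACCOUNT_LOGIN_ON_GET = True  # lets a plain GET start the provider handshake (no interstitial); drops allauth's login-CSRF guard, so keep the justification here`.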
@@ -12,23 +12,23 @@ export async function GET(event) { /** @type {import('./$types').RequestHandler} */ export async function POST({ url, params, request, fetch, cookies }) { - const searchParam = url.search ? `${url.search}&format=json` : '?format=json'; - return handleRequest(url, params, request, fetch, cookies, searchParam, true); + const searchParam = url.search ? `${url.search}` : ''; + return handleRequest(url, params, request, fetch, cookies, searchParam, false); } export async function PATCH({ url, params, request, fetch, cookies }) { - const searchParam = url.search ? `${url.search}&format=json` : '?format=json'; - return handleRequest(url, params, request, fetch, cookies, searchParam, true); + const searchParam = url.search ? `${url.search}` : ''; + return handleRequest(url, params, request, fetch, cookies, searchParam, false); } export async function PUT({ url, params, request, fetch, cookies }) { - const searchParam = url.search ? `${url.search}&format=json` : '?format=json'; - return handleRequest(url, params, request, fetch, cookies, searchParam, true); + const searchParam = url.search ? `${url.search}` : ''; + return handleRequest(url, params, request, fetch, cookies, searchParam, false); } export async function DELETE({ url, params, request, fetch, cookies }) { - const searchParam = url.search ? `${url.search}&format=json` : '?format=json'; - return handleRequest(url, params, request, fetch, cookies, searchParam, true); + const searchParam = url.search ? `${url.search}` : ''; + return handleRequest(url, params, request, fetch, cookies, searchParam, false); } async function handleRequest( 
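Review bot: The four rewritten handlers are identical apart from the export name, and `url.search ? `${url.search}` : ''` is just `url.search` (a URL's `search` is already `''` when there is no query), so the conditional and the template literal add nothing. The last argument flips from `true` to `false` on every call, but its meaning lives in `handleRequest`'s parameter list, which begins on the hunk's last line and continues outside it, so a bare boolean at the call site is opaque to a reader — a named constant or a short comment at the call site would help. A single shared handler removes the duplication without changing what is sent upstream.
```typescript
/** @type {import('./$types').RequestHandler} */
const forward = ({ url, params, request, fetch, cookies }) =>
  handleRequest(url, params, request, fetch, cookies, url.search, false);

export const POST = forward;
export const PATCH = forward;
export const PUT = forward;
export const DELETE = forward;

// … unchanged: async function handleRequest( …
```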
@@ -53,25 +53,18 @@ async function handleRequest( const headers = new Headers(request.headers); - // Delete existing csrf cookie by setting an expired date - cookies.delete('csrftoken', { path: '/' }); - - // Generate a new csrf token (using your existing fetchCSRFToken function) const csrfToken = await fetchCSRFToken(); if (!csrfToken) { return json({ error: 'CSRF token is missing or invalid' }, { status: 400 }); } - // Set the new csrf token in both headers and cookies - const cookieHeader = `csrftoken=${csrfToken}; Path=/; HttpOnly; SameSite=Lax`; - try { const response = await fetch(targetUrl, { method: request.method, headers: { ...Object.fromEntries(headers), 'X-CSRFToken': csrfToken, - Cookie: cookieHeader + Cookie: `csrftoken=${csrfToken}` }, body: request.method !== 'GET' && request.method !== 'HEAD' ? await request.text() : undefined,