From 26a0077015f0ac6e6cdd2f1a1bae8a370487ba66 Mon Sep 17 00:00:00 2001 From: louispaulb Date: Tue, 31 Mar 2026 00:00:14 -0400 Subject: [PATCH] fix: route API + Ollama calls through ops-frontend nginx proxy All /api/ and /ollama/ requests now go through the ops base path (/ops/api/... and /ops/ollama/...) so Traefik routes them to ops-frontend nginx, which injects the ERPNext token server-side. Token is never exposed in the browser. Co-Authored-By: Claude Opus 4.6 (1M context) --- apps/ops/src/api/ocr.js | 7 +++++-- apps/ops/src/config/erpnext.js | 6 +++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/apps/ops/src/api/ocr.js b/apps/ops/src/api/ocr.js index 896ba96..77c7ee2 100644 --- a/apps/ops/src/api/ocr.js +++ b/apps/ops/src/api/ocr.js @@ -1,6 +1,9 @@ import { authFetch } from './auth' -const OLLAMA_URL = '/ollama/api/generate' +// Use the Vite base path so requests route through ops-frontend nginx +// In production: /ops/ollama/... → Traefik strips /ops → nginx /ollama/ → Ollama +const BASE = import.meta.env.BASE_URL || '/' +const OLLAMA_URL = BASE + 'ollama/api/generate' const OCR_PROMPT = `You are an invoice/bill OCR assistant. Extract the following fields from this image of a bill or invoice. Return ONLY valid JSON, no markdown, no explanation. @@ -71,7 +74,7 @@ export async function ocrBill (base64Image) { */ export async function checkOllamaStatus () { try { - const res = await authFetch('/ollama/api/tags') + const res = await authFetch(BASE + 'ollama/api/tags') if (!res.ok) return { online: false, error: 'HTTP ' + res.status } const data = await res.json() const models = (data.models || []).map(m => m.name) diff --git a/apps/ops/src/config/erpnext.js b/apps/ops/src/config/erpnext.js index 99ae171..b2564e0 100644 --- a/apps/ops/src/config/erpnext.js +++ b/apps/ops/src/config/erpnext.js @@ -1,4 +1,8 @@ -export const BASE_URL = '' +// Route API calls through ops-frontend nginx (which injects the ERPNext token) +// In production: /ops/api/... → Traefik strips /ops → nginx proxies to ERPNext with token +// In dev: '' (uses VITE_ERP_TOKEN or devServer proxy) +const viteBase = import.meta.env.BASE_URL || '/' +export const BASE_URL = viteBase === '/' ? '' : viteBase.replace(/\/$/, '') export const MAPBOX_TOKEN = 'pk.eyJ1IjoidGFyZ29pbnRlcm5ldCIsImEiOiJjbW13Z3lwMXAwdGt1MnVvamsxNWkybzFkIn0.rdYB17XUdfn96czdnnJ6eg'