Skip to content

fix: align public-api Docker image paths and simplify server config#12204

Merged
kaladinlight merged 6 commits intodevelopfrom
fix-public-api-build
Mar 24, 2026
Merged

fix: align public-api Docker image paths and simplify server config#12204
kaladinlight merged 6 commits intodevelopfrom
fix-public-api-build

Conversation

@kaladinlight
Copy link
Copy Markdown
Contributor

@kaladinlight kaladinlight commented Mar 24, 2026
edited by coderabbitai bot
Loading

Summary

  • Fix production Docker image by mirroring monorepo directory structure so __dirname-relative paths work for both docs and asset data — no env vars needed
  • Add env.ts with Zod schema validation — server fails fast at startup with clear errors for any missing or invalid env vars, eliminating all process.env reads and fallbacks scattered across the codebase
  • Hardcode trust proxy: 1 (required for express-rate-limit to correctly identify client IPs behind Railway's proxy)
  • Remove SWAP_SERVICE_BASE_URL re-export from config.ts — all usages read from env directly
  • Remove MICROSERVICES_URL — partner code resolution now uses SWAP_SERVICE_BASE_URL consistently
  • Expose DEFAULT_AFFILIATE_BPS as a configurable env var
  • Simplify PORT — no parseInt needed since app.listen accepts strings
  • Remove unused API_HOST, API_PORT config and TRUST_PROXY/ASSET_DATA_PATH env vars
  • Simplify asset loading to a single __dirname-relative path instead of a fallback array
  • Comprehensive .env.example with all vars explicit and pointing to dev endpoints

Test plan

  • Docker image builds and starts without errors
  • /health responds correctly
  • /docs loads without ENOENT errors
  • Assets load correctly (31k+ assets)
  • Rate limiting works correctly with trust proxy: 1

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated default environment example with many concrete service endpoints, API key placeholders, affiliate/feature flags, and extended rate-limit defaults.
    • Added runtime environment validation to detect misconfiguration and fail fast.
    • Adjusted asset data resolution and container image/startup layout for the public API.
  • Refactor
    • Centralized environment sourcing for server startup, middleware, and service integrations.

@kaladinlight kaladinlight requested a review from a team as a code owner March 24, 2026 17:26
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Mar 24, 2026
edited
Loading

Warning

Rate limit exceeded

@kaladinlight has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cd091d4e-5280-4c41-9de4-ab24b7e50319

📥 Commits

Reviewing files that changed from the base of the PR and between 07374a1 and 47ff0f5.

📒 Files selected for processing (2)
  • packages/public-api/src/env.ts
  • packages/public-api/src/routes/affiliate/getAffiliateStats.ts
📝 Walkthrough

Walkthrough

Centralized environment validation with a Zod-based env module; replaced in-file process.env handling across config, middleware, routes, and swapper deps with env.*; updated Dockerfile and deterministic asset path resolution; expanded .env.example; rate-limiters and feature flags now come from env.

Changes

Cohort / File(s) Summary
Environment schema & usage
packages/public-api/src/env.ts		 Add Zod envSchema, validate/coerce process.env, export env; fail fast (console errors + process.exit(1)) on validation errors.
Top-level config & startup
packages/public-api/src/config.ts, packages/public-api/src/index.ts		 Remove local API_PORT/API_HOST and in-file SWAP_SERVICE_BASE_URL logic; switch startup and trust-proxy to use env values; import env where needed.
.env example
packages/public-api/.env.example		 Replace commented/optional entries with concrete defaults and many new keys (UNCHAINED_*, *_NODE_URL, *_MIDGARD_URL, swapper base URLs, API key placeholders, affiliate defaults, feature flags, extended rate-limit entries).
Docker build & runtime
packages/public-api/Dockerfile		 Adjust production stage to copy built entrypoint to packages/public-api/dist/server.cjs, include packages/public-api/docs, change generated asset destination path, remove ASSET_DATA_PATH, and run new entrypoint path.
Asset discovery
packages/public-api/src/assets.ts		 Replace multiple ASSET_DATA_PATH/cwd fallbacks with a deterministic __dirname-based path to ../../../public/generated/generatedAssetData.json; remove prior existence warnings.
Middleware & auth
packages/public-api/src/middleware/auth.ts		 Source partner-resolution URL from env.SWAP_SERVICE_BASE_URL and default affiliate BPS from env.DEFAULT_AFFILIATE_BPS (replacing previous env/local constants).
Rate limiting
packages/public-api/src/middleware/rateLimit.ts		 Remove local env-int parsing; createLimiter accepts numeric max; limiter maxima now come from env.*; add affiliateMutationLimiter.
Routes: affiliate & status
packages/public-api/src/routes/affiliate/getAffiliateStats.ts, packages/public-api/src/routes/status/getSwapStatus.ts, packages/public-api/src/routes/status/utils.ts		 Switch swap-service base URL usage from local config constant to env.SWAP_SERVICE_BASE_URL; request/response behavior unchanged.
Swapper dependencies
packages/public-api/src/swapperDeps.ts		 Replace getServerConfig()/process.env fallbacks with direct env.* variables; simplify unchained URL mappings to use env.UNCHAINED_*.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I dug a schema, tidy and bright,

envs all nested, checked by night,
Docker boots where servers play,
assets found without delay,
I hop — the pipeline's feeling light.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately captures the main objectives: aligning Docker paths and simplifying server config through centralized environment validation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-public-api-build

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@railway-app railway-app bot temporarily deployed to public-api / develop March 24, 2026 17:43 Inactive
@railway-app railway-app bot temporarily deployed to public-api / production March 24, 2026 18:01 Inactive
@railway-app railway-app bot temporarily deployed to public-api / develop March 24, 2026 18:01 Inactive
coderabbitai[bot]
coderabbitai bot reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/public-api/src/env.ts`:
- Around line 4-5: Replace the loose validator "const flag =
z.string().transform(v => v === 'true')" with a strict enum-based validator so
only the literals "true" or "false" are accepted; change the schema for the
feature-flag (the const named flag in this module) to use
z.enum(['true','false']) and then transform the validated string to a boolean
(e.g., .transform(v => v === 'true')), which will cause invalid values (like
"TRUE", "1", typos, or extra whitespace) to fail validation at startup instead
of silently mapping to false.
- Around line 8-9: Tighten the zod schemas for numeric and boolean env vars:
validate PORT and DEFAULT_AFFILIATE_BPS using a numeric regex (e.g.,
.regex(/^\d+$/, 'PORT must be numeric') / 'DEFAULT_AFFILIATE_BPS must be
numeric') instead of allowing any string, change all RATE_LIMIT_* fields to use
integer validation (e.g., .int().min(1) or similar) so empty strings or
non-numeric values fail validation, and update the feature flag fields
referenced around the feature flag block (lines 61-63 and 65-75) to explicitly
validate booleans (reject invalid strings rather than coercing to false) using
zod boolean parsing or a stricter pre-parse with .refine/.transform to produce
clear error messages; update the schema entries for PORT, DEFAULT_AFFILIATE_BPS,
each RATE_LIMIT_* key, and the feature flag keys accordingly.

In `@packages/public-api/src/routes/affiliate/getAffiliateStats.ts`:
- Around line 61-62: The code builds backendUrl using new
URL(`/swaps/affiliate-fees/${address}`, env.SWAP_SERVICE_BASE_URL) which drops
any service prefix in SWAP_SERVICE_BASE_URL; change it to build the endpoint
using string concatenation instead (e.g., combine env.SWAP_SERVICE_BASE_URL with
"/swaps/affiliate-fees/" + address) so the service prefix is preserved; update
the backendUrl assignment in getAffiliateStats.ts (the const backendUrl
variable) accordingly and ensure any subsequent usage expects a string or new
URL(...) constructed from the full concatenated string.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b5d38514-dc60-4fcd-b3ce-4f7174f61059

📥 Commits

Reviewing files that changed from the base of the PR and between cdaf446 and 1c5b741.

📒 Files selected for processing (10)
  • packages/public-api/.env.example
  • packages/public-api/src/config.ts
  • packages/public-api/src/env.ts
  • packages/public-api/src/index.ts
  • packages/public-api/src/middleware/auth.ts
  • packages/public-api/src/middleware/rateLimit.ts
  • packages/public-api/src/routes/affiliate/getAffiliateStats.ts
  • packages/public-api/src/routes/status/getSwapStatus.ts
  • packages/public-api/src/routes/status/utils.ts
  • packages/public-api/src/swapperDeps.ts
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/public-api/src/index.ts

@railway-app railway-app bot temporarily deployed to public-api / develop March 24, 2026 18:12 Inactive
@railway-app railway-app bot temporarily deployed to public-api / production March 24, 2026 18:12 Inactive
@railway-app railway-app bot temporarily deployed to public-api / develop March 24, 2026 18:19 Inactive
@railway-app railway-app bot temporarily deployed to public-api / production March 24, 2026 18:19 Inactive
@kaladinlight kaladinlight merged commit 198d1f2 into develop Mar 24, 2026
5 checks passed
@kaladinlight kaladinlight deleted the fix-public-api-build branch March 24, 2026 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kaladinlight