From 22a3c1bcedbd05bc314d0adfd3d418ce971773e1 Mon Sep 17 00:00:00 2001 From: SatsFaucet Date: Mon, 2 Mar 2026 15:01:26 +0100 Subject: [PATCH] Add deploy/ to .gitignore; backend index and openapi updates Made-with: Cursor --- .gitignore | 3 +++ backend/src/index.ts | 20 ++++++++++++++++---- backend/src/openapi/index.ts | 9 ++++++--- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 73c0f2c..64d49b3 100644 --- a/.gitignore +++ b/.gitignore @@ -35,6 +35,9 @@ backend/data/ # Vite frontend/dist/ +# Deploy config (server-specific) +deploy/ + # Misc *.local .cache/ diff --git a/backend/src/index.ts b/backend/src/index.ts index 3c26f38..65aa0f7 100644 --- a/backend/src/index.ts +++ b/backend/src/index.ts @@ -2,7 +2,7 @@ import WebSocket from "ws"; // @ts-expect-error Node 20 lacks global WebSocket; nostr-tools needs it globalThis.WebSocket = WebSocket; -import express from "express"; +import express, { Request, Response, NextFunction } from "express"; import cors from "cors"; import rateLimit from "express-rate-limit"; import swaggerUi from "swagger-ui-express"; 
@@ -45,9 +45,21 @@ async function main() { }) ); - const openapiUrl = config.publicBasePath ? `/${config.publicBasePath}/openapi.json` : "/openapi.json"; - app.get("/openapi.json", (_req, res) => res.json(buildOpenApiSpec())); - app.use("/docs", swaggerUi.serve, swaggerUi.setup(null, { swaggerUrl: openapiUrl })); + // Relative URL so Swagger resolves correctly: /docs -> ../openapi.json, /api/docs -> ../openapi.json + const openapiUrl = "../openapi.json"; + app.get("/openapi.json", (req, res) => res.json(buildOpenApiSpec(req))); + app.use( + "/docs", + (_req: Request, res: Response, next: NextFunction) => { + res.setHeader( + "Content-Security-Policy", + "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'" + ); + next(); + }, + swaggerUi.serve, + swaggerUi.setup(null, { swaggerUrl: openapiUrl }) + ); app.use("/", publicRoutes); app.use("/auth", authRoutes); diff --git a/backend/src/openapi/index.ts b/backend/src/openapi/index.ts index ad6650d..b51e94e 100644 --- a/backend/src/openapi/index.ts +++ b/backend/src/openapi/index.ts @@ -1,3 +1,4 @@ +import type { Request } from "express"; import { config } from "../config.js"; import base from "./base.js"; import schemas from "./schemas.js"; 
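Review bot: The CSP set for `/docs` allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, which removes most of the script-injection protection the header is meant to add. swagger-ui-express normally serves its bundle and init script as same-origin files, so it is worth checking whether the page still renders with `script-src 'self'`, keeping a relaxation only if a specific failure shows it is needed. `base-uri` and `frame-ancestors` do not fall back to `default-src`, so I would append `; base-uri 'self'; frame-ancestors 'none'` to the policy string. A comment above `res.setHeader` stating why each remaining relaxation is required would help the next reviewer, for example `// Swagger UI injects inline styles; scripts are loaded from /docs itself`. `main()` starts and continues outside this hunk, so whether an earlier middleware already sets a global CSP that this header overrides cannot be seen here.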
@@ -7,9 +8,11 @@ import claimPaths from "./paths/claim.js"; import userPaths from "./paths/user.js"; /** Build the full OpenAPI 3.0 spec by merging split files */ -export function buildOpenApiSpec(): Record { - const basePath = config.publicBasePath ? `/${config.publicBasePath.replace(/^\//, "")}` : ""; - const serverUrl = basePath || "/"; +export function buildOpenApiSpec(req?: Request): Record { + // Derive server URL from Host: API subdomain = root, frontend proxy = /api + const host = (req?.headers?.host ?? "").split(":")[0]; + const fallback = config.publicBasePath ? `/${config.publicBasePath.replace(/^\//, "")}` : "/"; + const serverUrl = host === config.apiHost ? "/" : fallback; return { ...base,