server/src/index.ts

import 'dotenv/config';
import express from 'express';
import cors from 'cors';
import { toNodeHandler } from 'better-auth/node';
import { auth } from './auth/auth';
import { authRateLimiter, apiRateLimiter } from './auth/rateLimiter';
import { requireAuth } from './auth/middleware';
import chemicalsRouter from './routes/chemicals';
import protocolsRouter from './routes/protocols';
import profileRouter from './routes/profile';
import path from 'path';

const app = express();
const PORT = process.env.PORT || 3001;
const UPLOADS_DIR = process.env.UPLOADS_DIR || path.join(__dirname, '../uploads');

// Trust Cloudflare/proxy X-Forwarded-For headers
app.set('trust proxy', 1);

app.use(cors({
  origin: [
    'http://localhost:5173',
    'https://labwise.wahwa.com',
  ],
  credentials: true,
}));

// Serve uploaded files
app.use('/uploads', express.static(UPLOADS_DIR));

// iOS OAuth callback — must be registered before the Better Auth wildcard
// so Express matches this specific path first.
// Better Auth completes the Google flow, sets the session cookie, then
// redirects to this endpoint (passed as callbackURL from the native app).
// We read the raw session token out of the cookie and forward it in the
// custom URL scheme so the iOS app can inject it into URLSession's cookie jar.
app.get('/api/ios-callback', requireAuth, (req, res) => {
  const cookieHeader = req.headers.cookie ?? '';
  const token = cookieHeader
    .split(';')
    .map(c => c.trim())
    .find(c => c.startsWith('better-auth.session_token='))
    ?.split('=')
    .slice(1)
    .join('='); // re-join in case the value itself contains '='

  if (!token) {
    return res.redirect('labwise://auth?error=no_session');
  }

  res.redirect(`labwise://auth?token=${encodeURIComponent(token)}`);
});

// Better Auth — must come before express.json() so it can read its own body
app.use('/api/auth/*', authRateLimiter);
app.all('/api/auth/*', toNodeHandler(auth));

// Body parsing for all other routes
app.use(express.json({ limit: '1mb' }));

// Application routes
app.use('/api', apiRateLimiter);
app.use('/api/chemicals', chemicalsRouter);
app.use('/api/protocols', protocolsRouter);
app.use('/api/profile', profileRouter);

app.get('/api/health', (_req, res) => res.json({ ok: true }));

app.listen(PORT, () => {
  console.log(`LabWise API running on http://localhost:${PORT}`);
});
should work on both localhost and outside. 2026-03-19 13:48:19 -05:00			`import 'dotenv/config';`
Login sequence and inventory/protocol storage groundwork 2026-03-19 05:42:11 +00:00			`import express from 'express';`
			`import cors from 'cors';`
			`import { toNodeHandler } from 'better-auth/node';`
			`import { auth } from './auth/auth';`
			`import { authRateLimiter, apiRateLimiter } from './auth/rateLimiter';`
ios support stuff 2026-03-20 00:02:56 -05:00			`import { requireAuth } from './auth/middleware';`
Login sequence and inventory/protocol storage groundwork 2026-03-19 05:42:11 +00:00			`import chemicalsRouter from './routes/chemicals';`
			`import protocolsRouter from './routes/protocols';`
AWS SES preview 2026-03-19 19:59:01 -05:00			`import profileRouter from './routes/profile';`
Login sequence and inventory/protocol storage groundwork 2026-03-19 05:42:11 +00:00			`import path from 'path';`

			`const app = express();`
			`const PORT = process.env.PORT \|\| 3001;`
			`const UPLOADS_DIR = process.env.UPLOADS_DIR \|\| path.join(__dirname, '../uploads');`

			`// Trust Cloudflare/proxy X-Forwarded-For headers`
			`app.set('trust proxy', 1);`

			`app.use(cors({`
			`origin: [`
			`'http://localhost:5173',`
			`'https://labwise.wahwa.com',`
			`],`
			`credentials: true,`
			`}));`

			`// Serve uploaded files`
			`app.use('/uploads', express.static(UPLOADS_DIR));`

ios support stuff 2026-03-20 00:02:56 -05:00			`// iOS OAuth callback — must be registered before the Better Auth wildcard`
			`// so Express matches this specific path first.`
			`// Better Auth completes the Google flow, sets the session cookie, then`
			`// redirects to this endpoint (passed as callbackURL from the native app).`
			`// We read the raw session token out of the cookie and forward it in the`
			`// custom URL scheme so the iOS app can inject it into URLSession's cookie jar.`
			`app.get('/api/ios-callback', requireAuth, (req, res) => {`
			`const cookieHeader = req.headers.cookie ?? '';`
			`const token = cookieHeader`
			`.split(';')`
			`.map(c => c.trim())`
			`.find(c => c.startsWith('better-auth.session_token='))`
			`?.split('=')`
			`.slice(1)`
			`.join('='); // re-join in case the value itself contains '='`

			`if (!token) {`
			`return res.redirect('labwise://auth?error=no_session');`
			`}`

			res.redirect(`labwise://auth?token=${encodeURIComponent(token)}`);
			`});`

Login sequence and inventory/protocol storage groundwork 2026-03-19 05:42:11 +00:00			`// Better Auth — must come before express.json() so it can read its own body`
			`app.use('/api/auth/*', authRateLimiter);`
			`app.all('/api/auth/*', toNodeHandler(auth));`

			`// Body parsing for all other routes`
			`app.use(express.json({ limit: '1mb' }));`

			`// Application routes`
			`app.use('/api', apiRateLimiter);`
			`app.use('/api/chemicals', chemicalsRouter);`
			`app.use('/api/protocols', protocolsRouter);`
AWS SES preview 2026-03-19 19:59:01 -05:00			`app.use('/api/profile', profileRouter);`
Login sequence and inventory/protocol storage groundwork 2026-03-19 05:42:11 +00:00
			`app.get('/api/health', (_req, res) => res.json({ ok: true }));`

			`app.listen(PORT, () => {`
			console.log(`LabWise API running on http://localhost:${PORT}`);
			`});`