AIA-Creative-Lab/vite.config.ts at main · Yacinewhatchandcode/AIA-Creative-Lab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import path from 'path';
import { defineConfig, loadEnv } from 'vite';
import react from '@vitejs/plugin-react';

// CRITICAL SECURITY FIX: NEVER expose API keys to client-side bundle
// API keys must only be accessed server-side through proxy
export default defineConfig(({ mode }) => {
    const env = loadEnv(mode, '.', '');

    // Security: Filter out sensitive environment variables from client bundle
    const serverOnlyEnvVars = ['KIE_API_KEY', 'OPENROUTER_API_KEY', 'CF_ACCESS_TOKEN', 'CLOUDFLARE_ACCOUNT_ID', 'CLOUDFLARE_R2_ACCESS_KEY_ID', 'CLOUDFLARE_R2_SECRET_ACCESS_KEY'];

    const safeClientEnv = Object.fromEntries(
        Object.entries(env).filter(([key]) => !serverOnlyEnvVars.includes(key))
    );

    return {
      server: {
        port: 3000,
        host: '0.0.0.0',
        proxy: {
          // Security: Route all API calls through server-side proxy
          '/api': {
            target: 'http://localhost:3001',
            changeOrigin: true,
            secure: true,
          }
        }
      },
      plugins: [react()],
      define: {
        // Security: Never expose API keys to client-side
        'import.meta.env.CLIENT_SIDE_ONLY': JSON.stringify('true'),
        'import.meta.env.SECURITY_MODE': JSON.stringify('production'),
        'import.meta.env.INPUT_VALIDATION': JSON.stringify('enabled'),
        'import.meta.env.API_PROXY_REQUIRED': JSON.stringify('true'),
      },
      resolve: {
        alias: {
          '@': path.resolve(__dirname, '.'),
        }
      },
      build: {
        rollupOptions: {
          output: {
            // Security: Split bundles for analysis
            manualChunks: {
              vendor: ['react', 'react-dom'],
            }
          }
        }
      }
    };
});