From b218b456ced075c8a8df0c2ccf6182b20a2b41fe Mon Sep 17 00:00:00 2001 From: Nandgopal-R Date: Tue, 10 Mar 2026 11:23:50 +0530 Subject: [PATCH 1/4] Fix cookie configuration for cross-domain auth --- src/api/auth/index.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/api/auth/index.ts b/src/api/auth/index.ts index ac19a10..7ed5765 100644 --- a/src/api/auth/index.ts +++ b/src/api/auth/index.ts @@ -37,7 +37,9 @@ export const auth = betterAuth({ crossSubDomainCookies: { enabled: false, // Not subdomains, different domains entirely }, - cookieSameSite: "none", // CRITICAL: Allow cross-site cookies + defaultCookieAttributes: { + sameSite: "none", // CRITICAL: Allow cross-site cookies (Vercel <-> Railway) + }, }, emailAndPassword: { @@ -54,7 +56,10 @@ export const auth = betterAuth({ to: user.email, subject: "Verify your email address", html: ` -

Welcome, ${user.name}!

+

Wel cd /home/nandu/uni/sem6/se/project/form-engine + git add src/api/auth/index.ts src/index.ts + git commit -m "Fix cookie configuration for cross-domain auth" + git pushme, ${user.name}!

Click the link below to verify your email:

Verify Email `, From 55291359adf98db95ee9f9ebfd8eaa197e613daa Mon Sep 17 00:00:00 2001 From: Nandgopal-R Date: Tue, 10 Mar 2026 11:31:06 +0530 Subject: [PATCH 2/4] fix --- src/api/auth/index.ts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/api/auth/index.ts b/src/api/auth/index.ts index 7ed5765..1679294 100644 --- a/src/api/auth/index.ts +++ b/src/api/auth/index.ts @@ -56,10 +56,7 @@ export const auth = betterAuth({ to: user.email, subject: "Verify your email address", html: ` -

Wel cd /home/nandu/uni/sem6/se/project/form-engine - git add src/api/auth/index.ts src/index.ts - git commit -m "Fix cookie configuration for cross-domain auth" - git pushme, ${user.name}!

+

Welcome, ${user.name}!

Click the link below to verify your email:

Verify Email `, From 177348bec8b2f7d21fdc880395a3df539f4de6cb Mon Sep 17 00:00:00 2001 From: Nandgopal-R Date: Tue, 10 Mar 2026 11:54:31 +0530 Subject: [PATCH 3/4] Add public endpoint for form fields --- src/api/form-fields/routes.ts | 8 ++++++++ src/index.ts | 6 +++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/api/form-fields/routes.ts b/src/api/form-fields/routes.ts index 533784f..c7d6c2f 100644 --- a/src/api/form-fields/routes.ts +++ b/src/api/form-fields/routes.ts @@ -15,6 +15,14 @@ import { updateField, } from "./controller"; +// Public routes (no auth required for viewing form fields) +export const publicFormFieldRoutes = new Elysia({ prefix: "/fields" }).get( + "/public/:formId", + getAllFields, + getAllFieldsDTO, +); + +// Protected routes (require auth) export const formFieldRoutes = new Elysia({ prefix: "/fields" }) .use(requireAuth) .get("/:formId", getAllFields, getAllFieldsDTO) diff --git a/src/index.ts b/src/index.ts index d007e13..47b0835 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,7 +1,10 @@ import { cors } from "@elysiajs/cors"; import { Elysia } from "elysia"; import { authRoutes } from "./api/auth/routes"; -import { formFieldRoutes } from "./api/form-fields/routes"; +import { + formFieldRoutes, + publicFormFieldRoutes, +} from "./api/form-fields/routes"; import { formResponseRoutes } from "./api/form-response/routes"; import { formRoutes, publicFormRoutes } from "./api/forms/routes"; import { logger } from "./logger/index"; @@ -57,6 +60,7 @@ const app = new Elysia() .get("/", () => "🦊 Elysia server started") .use(authRoutes) .use(publicFormRoutes) // Public routes first (no auth) + .use(publicFormFieldRoutes) // Public form fields (no auth) .use(formRoutes) .use(formFieldRoutes) .use(formResponseRoutes); From fb94f33f22dbc902f3bb6e6053bb482964be6820 Mon Sep 17 00:00:00 2001 From: Nandgopal-R Date: Tue, 10 Mar 2026 11:58:19 +0530 Subject: [PATCH 4/4] Add public endpoint for form fields --- src/api/form-fields/controller.ts | 42 +++++++++++++++++++++++++++++++ src/api/form-fields/routes.ts | 3 ++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/src/api/form-fields/controller.ts b/src/api/form-fields/controller.ts index bbcfda3..e4eeb52 100644 --- a/src/api/form-fields/controller.ts +++ b/src/api/form-fields/controller.ts @@ -8,6 +8,48 @@ import type { UpdateFieldContext, } from "../../types/form-fields"; +// Public endpoint - no authentication required +export async function getPublicFields({ + params, + set, +}: { + params: { formId: string }; + set: { status?: number | string }; +}) { + const formExists = await prisma.form.count({ + where: { id: params.formId, isPublished: true }, // Only published forms are public + }); + + if (formExists === 0) { + set.status = 404; + logger.warn(`Published form not found for formId: ${params.formId}`); + return { + success: false, + message: "Form not found or not published", + data: [], + }; + } + + const fields = await prisma.formFields.findMany({ + where: { formId: params.formId }, + }); + + if (fields.length === 0) { + logger.info(`No fields found for formId: ${params.formId}`); + return { + success: true, + data: [], + }; + } + + logger.info(`Found ${fields.length} fields for formId: ${params.formId}`); + return { + success: true, + data: fields, + }; +} + +// Authenticated endpoint export async function getAllFields({ params, set }: GetAllFieldsContext) { const formExists = await prisma.form.count({ where: { id: params.formId }, diff --git a/src/api/form-fields/routes.ts b/src/api/form-fields/routes.ts index c7d6c2f..d530615 100644 --- a/src/api/form-fields/routes.ts +++ b/src/api/form-fields/routes.ts @@ -11,6 +11,7 @@ import { createField, deleteField, getAllFields, + getPublicFields, swapFields, updateField, } from "./controller"; @@ -18,7 +19,7 @@ import { // Public routes (no auth required for viewing form fields) export const publicFormFieldRoutes = new Elysia({ prefix: "/fields" }).get( "/public/:formId", - getAllFields, + getPublicFields, getAllFieldsDTO, );