does it work on staging?

Author: errkk

config/dev.exs

@@ -1,7 +1,9 @@
 import Config
 
 config :pr,
-  playlist_name: "PlayRequest"
+  playlist_name: "PlayRequest",
+  session_same_site: "Lax",
+  session_secure: false
 
 # Configure your database
 config :pr, PR.Repo,
@@ -78,8 +80,8 @@ config :pr, PRWeb.Endpoint,
   ]
 
 # Do not include metadata nor timestamps in development logs
-# config :logger, :console, format: "[$level] $message\n"
-config :logger, level: :info
+config :logger, :console, format: "[$level] $message\n", level: :debug
+# config :logger, level: :info
 
 # Initialize plugs at runtime for faster development compilation
 config :phoenix, :plug_init_mode, :runtime
@@ -90,43 +92,4 @@ config :phoenix, :stacktrace_depth, 20
 
 config :phoenix_live_view, :debug_heex_annotations, true
 
-config :pr, :sonos,
-  scopes: "playback-control-all",
-  redirect_uri: "#{System.get_env("REDIRECT_URL_BASE")}/sonos/authorized",
-  key: System.get_env("SONOS_KEY"),
-  secret: System.get_env("SONOS_SECRET")
-
-config :pr, :spotify,
-  scopes:
-    ~w(user-modify-playback-state user-read-currently-playing user-read-playback-state playlist-modify-private playlist-read-private),
-  redirect_uri: "#{System.get_env("REDIRECT_URL_BASE")}/spotify/authorized",
-  user_id: System.get_env("SPOTIFY_USER_ID"),
-  key: System.get_env("SPOTIFY_CLIENT_ID"),
-  secret: System.get_env("SPOTIFY_SECRET")
-
-config :ueberauth, Ueberauth.Strategy.Google.OAuth,
-  client_id: System.get_env("GOOGLE_CLIENT_ID"),
-  client_secret: System.get_env("GOOGLE_CLIENT_SECRET")
-
-config :pr,
-  allowed_user_domains: System.get_env("ALLOWED_USER_DOMAINS"),
-  installation_name: System.get_env("INSTALLATION_NAME", "PlayRequest"),
-  super_likes_allowed: System.get_env("SUPER_LIKES_ALLOWED", "2"),
-  burns_allowed: System.get_env("BURNS_ALLOWED", "2")
-
-config :pr, :feature_flags,
-  show_volume: System.get_env("FF_VOLUME", ""),
-  show_toggle_playback: System.get_env("FF_TOGGLE_PLAYBACK", ""),
-  show_skip: System.get_env("FF_SKIP", ""),
-  scale_play_button: System.get_env("FF_SCALE_PLAY_BUTTON", ""),
-  show_super_like: System.get_env("FF_SUPER_LIKE", ""),
-  show_burn: System.get_env("FF_BURN", "")
-
-config :sentry,
-  dsn: System.get_env("SENTRY_DSN"),
-  environment_name: :dev,
-  enable_source_code_context: true,
-  root_source_code_path: File.cwd!(),
-  tags: %{
-    env: "dev"
-  }
+# Runtime configuration for development environment has been moved to config/runtime.exs

config/prod.exs

@@ -1,20 +1,24 @@
 import Config
 
-config :logger,
-  backends: [LoggerJSON],
-  level: :info
+config :pr,
+  session_same_site: "None",
+  session_secure: true
 
-config :pr, PR.Repo, ssl: false, socket_options: [:inet6]
+# For production, don't forget to configure the url host
+# to something meaningful, Phoenix uses this information
+# when generating URLs.
 
-config :pr, PRWeb.Endpoint,
-  force_ssl: [rewrite_on: [:x_forwarded_proto]],
-  server: true,
-  root: ".",
-  version: Application.spec(:pr, :vsn)
+# Runtime configuration (such as database credentials) should be
+# placed in config/runtime.exs which is loaded at runtime.
 
-config :pr,
-  sleep: 60_000
+# Note we also include the path to a cache manifest
+# containing the digested version of static files. This
+# manifest is generated by the `mix assets.deploy` task,
+# which you should run after static files are built and
+# before starting your production server.
+config :pr, PRWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
+
+# Do not print debug messages in production
+config :logger, level: :info
 
-config :sentry,
-  enable_source_code_context: true,
-  root_source_code_path: File.cwd!()
+# Runtime configuration moved to config/runtime.exs

config/releases.exs

@@ -0,0 +1,123 @@
+import Config
+
+# config/runtime.exs is executed for all environments, including
+# during releases. It is executed after compilation and before the
+# system starts, so it is typically used to load production configuration
+# and secrets from environment variables or elsewhere. Do not define
+# any compile-time configuration in here, as it won't be applied.
+
+# ## Using releases
+#
+# If you use `mix release`, you need to explicitly enable the server
+# by passing the PHX_SERVER=true when you start it:
+#
+#     PHX_SERVER=true bin/pr start
+#
+# Alternatively, you can use `mix phx.gen.release` to generate a `bin/server`
+# script that automatically sets the env var above.
+if System.get_env("PHX_SERVER") do
+  config :pr, PRWeb.Endpoint, server: true
+end
+
+# Common runtime configuration for all environments
+config :pr, :sonos,
+  scopes: "playback-control-all",
+  redirect_uri: "#{System.get_env("REDIRECT_URL_BASE")}/sonos/authorized",
+  key: System.get_env("SONOS_KEY"),
+  secret: System.get_env("SONOS_SECRET")
+
+config :pr, :spotify,
+  scopes:
+    ~w(user-modify-playback-state user-read-currently-playing user-read-playback-state playlist-modify-private playlist-read-private),
+  redirect_uri: "#{System.get_env("REDIRECT_URL_BASE")}/spotify/authorized",
+  user_id: System.get_env("SPOTIFY_USER_ID"),
+  key: System.get_env("SPOTIFY_CLIENT_ID"),
+  secret: System.get_env("SPOTIFY_SECRET")
+
+config :ueberauth, Ueberauth.Strategy.Google.OAuth,
+  client_id: System.get_env("GOOGLE_CLIENT_ID"),
+  client_secret: System.get_env("GOOGLE_CLIENT_SECRET")
+
+config :pr,
+  allowed_user_domains: System.get_env("ALLOWED_USER_DOMAINS"),
+  installation_name: System.get_env("INSTALLATION_NAME", "PlayRequest"),
+  super_likes_allowed: System.get_env("SUPER_LIKES_ALLOWED", "2"),
+  burns_allowed: System.get_env("BURNS_ALLOWED", "2")
+
+config :pr, :feature_flags,
+  show_volume: System.get_env("FF_VOLUME", ""),
+  show_toggle_playback: System.get_env("FF_TOGGLE_PLAYBACK", ""),
+  show_skip: System.get_env("FF_SKIP", ""),
+  scale_play_button: System.get_env("FF_SCALE_PLAY_BUTTON", ""),
+  show_super_like: System.get_env("FF_SUPER_LIKE", ""),
+  show_burn: System.get_env("FF_BURN", "")
+
+config :sentry,
+  dsn: System.get_env("SENTRY_DSN"),
+  enable_source_code_context: true,
+  root_source_code_path: File.cwd!()
+
+# Production-specific configuration
+if config_env() == :prod do
+  config :logger,
+    backends: [LoggerJSON],
+    level: :info
+
+  config :pr, PR.Repo,
+    url: System.get_env("DATABASE_URL") || raise("DATABASE_URL not available"),
+    pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
+    ssl: false,
+    socket_options: [:inet6]
+
+  config :pr, PRWeb.Endpoint,
+    http: [port: String.to_integer(System.get_env("PORT") || "4000")],
+    url: [host: System.get_env("HOSTNAME"), port: 443, scheme: "https"],
+    cache_static_manifest: "priv/static/cache_manifest.json",
+    force_ssl: [rewrite_on: [:x_forwarded_proto]],
+    server: true
+
+  # Production requires these environment variables
+  unless System.get_env("SONOS_KEY"), do: raise("SONOS_KEY not available")
+  unless System.get_env("SONOS_SECRET"), do: raise("SONOS_SECRET not available")
+  unless System.get_env("SPOTIFY_USER_ID"), do: raise("SPOTIFY_USER_ID not available")
+  unless System.get_env("SPOTIFY_CLIENT_ID"), do: raise("SPOTIFY_CLIENT_ID not available")
+  unless System.get_env("SPOTIFY_SECRET"), do: raise("SPOTIFY_SECRET not available")
+  unless System.get_env("GOOGLE_CLIENT_ID"), do: raise("GOOGLE_CLIENT_ID not available")
+  unless System.get_env("GOOGLE_CLIENT_SECRET"), do: raise("GOOGLE_CLIENT_SECRET not available")
+
+  config :pr,
+    sleep: 60_000
+
+  app_name =
+    System.get_env("FLY_APP_NAME") ||
+      raise "FLY_APP_NAME not available"
+
+  config :libcluster,
+    debug: true,
+    topologies: [
+      fly6pn: [
+        strategy: Cluster.Strategy.DNSPoll,
+        config: [
+          polling_interval: 5_000,
+          query: "#{app_name}.internal",
+          node_basename: app_name
+        ]
+      ]
+    ]
+
+  config :sentry,
+    tags: %{
+      env: System.get_env("RELEASE_STAGE") || "dev"
+    },
+    environment_name: System.get_env("RELEASE_STAGE") || :prod,
+    release: System.get_env("APP_REVISION", "dev")
+end
+
+# Development-specific configuration
+if config_env() == :dev do
+  config :sentry,
+    environment_name: :dev,
+    tags: %{
+      env: "dev"
+    }
+end

config/runtime.exs

@@ -51,7 +51,7 @@ defmodule PRWeb do
   def plug do
     quote do
       import Plug.Conn
-      use Phoenix.Controller, namespace: PRWeb
+      import Phoenix.Controller, only: [redirect: 2]
       unquote(verified_routes())
     end
   end

lib/pr_web.ex

@@ -0,0 +1,10 @@
+<div class="content">
+  <header class="container--header">
+    <h1><%= installation_name() %></h1>
+  </header>
+  <div class="alert-container">
+    <.flash class="alert alert-info" kind={:info} title="Success!" flash={@flash} />
+    <.flash class="alert alert-danger" kind={:error} title="Error!" flash={@flash} />
+  </div>
+  <%= @inner_content %>
+</div>

lib/pr_web/components/layouts/auth.html.heex

@@ -1,6 +1,7 @@
 defmodule PRWeb.AuthController do
   use PRWeb, :controller
   plug(Ueberauth)
+  plug(:put_layout, html: {PRWeb.Layouts, :auth})
 
   alias PR.Auth
 

lib/pr_web/controllers/auth_controller.ex

@@ -6,7 +6,9 @@ defmodule PRWeb.Endpoint do
     store: :cookie,
     key: "_pr_web_key",
     signing_salt: "ZG+jiBR2",
-    same_site: "None"
+    # Different same site polic for local where there is no HTTPS
+    same_site: Application.compile_env(:pr, :session_same_site, "Lax"),
+    secure: Application.compile_env(:pr, :session_secure, false)
   ]
 
   socket("/live", Phoenix.LiveView.Socket,

lib/pr_web/endpoint.ex

@@ -0,0 +1,45 @@
+defmodule PRWeb.AuthHooks do
+  @moduledoc """
+  LiveView authentication hooks for handling user sessions.
+  """
+  use PRWeb, :verified_routes
+
+  import Phoenix.Component
+  import Phoenix.LiveView
+
+  alias PR.Auth
+
+  def on_mount(:require_authenticated_user, _params, %{"user_id" => user_id} = session, socket) do
+    require Logger
+    Logger.debug("AuthHook: Found user_id in session: #{inspect(user_id)}")
+    Logger.debug("AuthHook: Full session: #{inspect(session)}")
+
+    case Auth.get_user(user_id) do
+      nil ->
+        Logger.debug("AuthHook: User not found in database for user_id: #{inspect(user_id)}")
+
+        socket =
+          socket
+          |> put_flash(:error, "You must log in to access this page.")
+          |> redirect(to: ~p"/auth")
+
+        {:halt, socket}
+
+      user ->
+        Logger.debug("AuthHook: User authenticated: #{inspect(user.id)}")
+        {:cont, assign(socket, current_user: user)}
+    end
+  end
+
+  def on_mount(:require_authenticated_user, _params, session, socket) do
+    require Logger
+    Logger.debug("AuthHook: No user_id in session. Session: #{inspect(session)}")
+
+    socket =
+      socket
+      |> put_flash(:error, "You must log in to access this page.")
+      |> redirect(to: ~p"/auth")
+
+    {:halt, socket}
+  end
+end