refactor: remove runtime config generation and implement API for app configuration

- Removed the runtime configuration generation from the startup script, streamlining the application startup process.
- Added a new endpoint `/config` in the app router to serve application configuration, fetching values from environment variables.
- Updated the frontend to retrieve configuration dynamically from the new API instead of relying on a static runtime config file.
- Refactored the PostHog initialization to use the fetched configuration, improving analytics setup.

Author: atyrode

scripts/startup.sh

@@ -1,15 +1,5 @@
 #!/bin/bash
 set -e
 
-# Create runtime config with environment variables
-mkdir -p /app/frontend/dist/assets
-cat > /app/frontend/dist/assets/runtime-config.js <<EOL
-window.RUNTIME_CONFIG = {
-  CODER_URL: "${CODER_URL}",
-  VITE_PUBLIC_POSTHOG_KEY: "${VITE_PUBLIC_POSTHOG_KEY}",
-  VITE_PUBLIC_POSTHOG_HOST: "${VITE_PUBLIC_POSTHOG_HOST}"  
-};
-EOL
-
 # Start the application
 exec uvicorn main:app --host 0.0.0.0 --port 8000 --workers $API_WORKERS

src/backend/routers/app_router.py

@@ -22,3 +22,14 @@ async def get_build_info():
         # Return a default response if file doesn't exist
         print(f"Error reading build-info.json: {str(e)}")
         return {"buildHash": "development", "timestamp": int(time.time())}
+
+@app_router.get("/config")
+async def get_app_config():
+    """
+    Return runtime configuration for the frontend
+    """
+    return {
+        "coderUrl": os.getenv("CODER_URL", ""),
+        "posthogKey": os.getenv("VITE_PUBLIC_POSTHOG_KEY", ""),
+        "posthogHost": os.getenv("VITE_PUBLIC_POSTHOG_HOST", "")
+    }

src/frontend/index.html

@@ -6,11 +6,10 @@
       name="viewport"
       content="width=device-width, initial-scale=1, shrink-to-fit=no"
     />
-    <meta name="theme-color" content="#000000" />
+    <meta name="theme-color" content="#untime0" />
 
     <title>Pad.ws</title>
     <link rel="icon" type="image/x-icon" href="/assets/images/favicon.png" />
-    <script src="/assets/runtime-config.js"></script>
   </head>
 
   <body>

src/frontend/src/AuthGate.tsx

@@ -1,5 +1,6 @@
 import React, { useEffect, useRef, useState } from "react";
 import { useAuthCheck } from "./api/hooks";
+import { getAppConfig } from "./api/configService";
 
 /**
  * If unauthenticated, it shows the AuthModal as an overlay, but still renders the app behind it.
@@ -19,26 +20,42 @@ export default function AuthGate({ children }: { children: React.ReactNode }) {
   useEffect(() => {
     // Only run the Coder OIDC priming once per session, after auth is confirmed
     if (isAuthenticated === true && !coderAuthDone) {
-      const iframe = document.createElement("iframe");
-      iframe.style.display = "none";
-      // Use runtime config if available, fall back to import.meta.env
-      const coderUrl = window.RUNTIME_CONFIG?.CODER_URL || import.meta.env.CODER_URL;
-      iframe.src = `${coderUrl}/api/v2/users/oidc/callback`;
-      console.debug(`[pad.ws] (Silently) Priming Coder OIDC session for ${coderUrl}`);
+      const setupIframe = async () => {
+        try {
+          // Get config from API
+          const config = await getAppConfig();
+          
+          if (!config.coderUrl) {
+            console.warn('[pad.ws] Coder URL not found, skipping OIDC priming');
+            setCoderAuthDone(true);
+            return;
+          }
+          
+          const iframe = document.createElement("iframe");
+          iframe.style.display = "none";
+          iframe.src = `${config.coderUrl}/api/v2/users/oidc/callback`;
+          console.debug(`[pad.ws] (Silently) Priming Coder OIDC session for ${config.coderUrl}`);
 
-      // Remove iframe as soon as it loads, or after 2s fallback
-      const cleanup = () => {
-        if (iframe.parentNode) iframe.parentNode.removeChild(iframe);
-        setCoderAuthDone(true);
-      };
-
-      iframe.onload = cleanup;
-      document.body.appendChild(iframe);
-      iframeRef.current = iframe;
+          // Remove iframe as soon as it loads, or after fallback timeout
+          const cleanup = () => {
+            if (iframe.parentNode) iframe.parentNode.removeChild(iframe);
+            setCoderAuthDone(true);
+          };
 
-      // Fallback: remove iframe after 5s if onload doesn't fire
-      timeoutRef.current = window.setTimeout(cleanup, 5000);
+          iframe.onload = cleanup;
+          document.body.appendChild(iframe);
+          iframeRef.current = iframe;
 
+          // Fallback: remove iframe after 5s if onload doesn't fire
+          timeoutRef.current = window.setTimeout(cleanup, 5000);
+        } catch (error) {
+          console.error('[pad.ws] Error setting up Coder OIDC priming:', error);
+          setCoderAuthDone(true);
+        }
+      };
+      
+      setupIframe();
+      
       // Cleanup on unmount or re-run
       return () => {
         if (iframeRef.current && iframeRef.current.parentNode) {

src/frontend/src/api/configService.ts

@@ -0,0 +1,39 @@
+import { fetchApi } from './apiUtils';
+
+/**
+ * Application configuration interface
+ */
+export interface AppConfig {
+  coderUrl: string;
+  posthogKey: string;
+  posthogHost: string;
+}
+
+// Cache the config to avoid unnecessary API calls
+let cachedConfig: AppConfig | null = null;
+
+/**
+ * Get the application configuration from the API
+ * @returns The application configuration
+ */
+export async function getAppConfig(): Promise<AppConfig> {
+  // Return cached config if available
+  if (cachedConfig) {
+    return cachedConfig;
+  }
+  
+  try {
+    // Fetch config from API
+    const config = await fetchApi('/api/app/config');
+    cachedConfig = config;
+    return config;
+  } catch (error) {
+    console.error('[pad.ws] Failed to load application configuration:', error);
+    // Return default values as fallback
+    return {
+      coderUrl: '',
+      posthogKey: '',
+      posthogHost: ''
+    };
+  }
+}

src/frontend/src/global.d.ts

@@ -1,8 +1,3 @@
 interface Window {
-  RUNTIME_CONFIG?: {
-    CODER_URL: string;
-    VITE_PUBLIC_POSTHOG_KEY: string;
-    VITE_PUBLIC_POSTHOG_HOST: string;
-  };
   ExcalidrawLib: any;
 }

src/frontend/src/utils/posthog.ts

@@ -1,22 +1,25 @@
 import posthog from 'posthog-js';
+import { getAppConfig } from '../api/configService';
 
-const posthogKey = window.RUNTIME_CONFIG?.VITE_PUBLIC_POSTHOG_KEY || import.meta.env.VITE_PUBLIC_POSTHOG_KEY;
-const posthogHost = window.RUNTIME_CONFIG?.VITE_PUBLIC_POSTHOG_HOST || import.meta.env.VITE_PUBLIC_POSTHOG_HOST;
+// Initialize PostHog with empty values first
+posthog.init('', { api_host: '' });
 
-// Initialize PostHog
-if (posthogKey) {
-  posthog.init(posthogKey, {
-    api_host: posthogHost,
-  });
-  console.debug('[pad.ws] PostHog initialized successfully');
-} else {
-  console.warn('[pad.ws] PostHog API key not found. Analytics will not be tracked.');
-}
+// Then update with real values when config is loaded
+getAppConfig().then(config => {
+  if (config.posthogKey) {
+    posthog.init(config.posthogKey, {
+      api_host: config.posthogHost,
+    });
+    console.debug('[pad.ws] PostHog initialized successfully');
+  } else {
+    console.warn('[pad.ws] PostHog API key not found. Analytics will not be tracked.');
+  }
+});
 
 // Helper function to track custom events
 export const capture = (eventName: string, properties?: Record<string, any>) => {
   posthog.capture(eventName, properties);
 };
 
 // Export PostHog instance for direct use
-export default posthog;
+export default posthog;