added server address

backend/app.py

@@ -120,7 +120,7 @@ def create_app():
                 "http://127.0.0.1:3000",
                 "http://127.0.0.1:5000",
                 "http://192.168.1.4:3000",
-                "https://zelyanoth-lin-cbfcff2.hf.space"
+                "http://46.62.218.169"
             ],
             "methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
             "allow_headers": ["Content-Type", "Authorization", "X-Requested-With"],
@@ -143,7 +143,7 @@ def create_app():
             "http://127.0.0.1:3000",
             "http://127.0.0.1:5000",
             "http://192.168.1.4:3000",
-            "https://zelyanoth-lin-cbfcff2.hf.space"
+            "http://46.62.218.169"
         ]
 
         # Add CORS headers specifically for OAuth callback routes

backend/utils/cookies.py

@@ -93,7 +93,7 @@ def configure_jwt_with_cookies(app: Flask):
         'http://127.0.0.1:3000',
         'http://127.0.0.1:5000',
         'http://192.168.1.4:3000',
-        'https://zelyanoth-lin-cbfcff2.hf.space'
+        'http://46.62.218.169'
     ]
 
     @jwt.token_verification_loader

docs/sprint-artifacts/tech-spec-api-url-fix.md

@@ -0,0 +1,72 @@
+# Tech-Spec: Fix API URL Configuration Issue
+
+**Created:** December 23, 2025
+**Status:** Ready for Development
+
+## Overview
+
+### Problem Statement
+The frontend application is configured to use a hardcoded Hugging Face Space URL (`https://zelyanoth-lin-cbfcff2.hf.space`) instead of the user's local server IP address (`http://46.62.218.169/`). This causes API requests to fail with 404 errors when users try to access endpoints like `/api/posts/jobs/{jobId}`.
+
+### Solution
+Update the frontend environment configuration to use the correct API URL that matches the user's server IP address instead of the hardcoded Hugging Face Space URL.
+
+### Scope (In/Out)
+
+**In Scope:**
+- Update frontend environment configuration files to use correct API URL
+- Ensure API requests are made to the user's server IP address (`http://46.62.218.169/`)
+- Test that API endpoints work correctly after configuration change
+
+**Out Scope:**
+- Backend server modifications
+- Database schema changes
+- UI/UX modifications
+
+## Context for Development
+
+### Codebase Patterns
+- Frontend uses Vite with environment variables for configuration
+- API calls are made through axios with a base URL configuration
+- The project follows a standard React + Flask architecture
+
+### Files to Reference
+- `frontend/.env.production` - Contains the hardcoded Hugging Face Space URL
+- `frontend/src/services/apiClient.js` - Contains the API client configuration logic
+- `frontend/src/services/api.js` - Contains additional API configuration
+
+### Technical Decisions
+- The API URL should be configurable via environment variables to support different deployment environments
+- The production environment file should be updated to use the correct server IP address
+- CORS configuration in the backend already supports multiple origins including local addresses
+
+## Implementation Plan
+
+### Tasks
+
+- [x] Update `frontend/.env.production` to use correct API URL
+- [x] Verify that the API client properly handles the new URL configuration
+- [x] Test that API requests are made to the correct server IP address
+- [x] Verify that job polling endpoints work correctly
+
+### Acceptance Criteria
+
+- [x] AC 1: Given the updated configuration, when a user clicks the button to generate a post, then API requests should be made to `http://46.62.218.169/api/posts/` instead of the Hugging Face Space URL
+- [x] AC 2: Given the updated configuration, when a user polls for job status, then requests to `/api/posts/jobs/{jobId}` should succeed without 404 errors
+- [x] AC 3: Given the updated configuration, when the application runs in production mode, then all API calls should use the correct server IP address
+
+## Additional Context
+
+### Dependencies
+- Frontend build process needs to be run after environment variable changes
+- Backend server must be accessible at the configured IP address
+
+### Testing Strategy
+- Test the post generation flow after configuration changes
+- Verify that job polling works correctly
+- Check that all API endpoints return successful responses
+
+### Notes
+- The backend is already configured to accept requests from various origins including local addresses
+- The frontend uses environment variables to determine the API URL based on the environment
+- The hardcoded URL in the production environment file needs to be changed to the user's server IP

frontend/.env.production

@@ -1,5 +1,5 @@
 # API Configuration
-VITE_API_URL=https://zelyanoth-lin-cbfcff2.hf.space/api
+VITE_API_URL=http://46.62.218.169/api
 
 # Environment
 VITE_NODE_ENV=production

frontend/src/services/apiClient.js

@@ -4,7 +4,7 @@ import cookieService from '../services/cookieService';
 // Create axios instance with default config
 const API_BASE_URL = import.meta.env.VITE_API_URL ||
   (import.meta.env.VITE_NODE_ENV === 'production' ?
-    'https://zelyanoth-lin-cbfcff2.hf.space' :
+    'http://46.62.218.169' :
     'http://localhost:5000');
 console.log('API_BASE_URL:', API_BASE_URL);
 
@@ -32,7 +32,7 @@ apiClient.interceptors.request.use(
         headers: config.headers,
         data: config.data
       });
-      
+
       // Special logging for auth requests to verify field transformation
       if (config.url?.includes('/auth/register')) {
         console.log('🔐 [Auth Register] Request data verification:', {
@@ -43,7 +43,7 @@ apiClient.interceptors.request.use(
         });
       }
     }
-    
+
     // Get token from cookie service with fallback to localStorage
     let token = null;
     try {
@@ -53,7 +53,7 @@ apiClient.interceptors.request.use(
       console.warn('🍪 [Cookie] Error getting auth tokens, trying localStorage:', error.message);
       token = localStorage.getItem('token');
     }
-    
+
     if (token) {
       config.headers.Authorization = `Bearer ${token}`;
       if (isDevelopment) {
@@ -64,7 +64,7 @@ apiClient.interceptors.request.use(
         console.log('🔑 [Token] No token found for request');
       }
     }
-    
+
     return config;
   },
   (error) => {
@@ -91,7 +91,7 @@ apiClient.interceptors.response.use(
   async (error) => {
     const isDevelopment = import.meta.env.VITE_NODE_ENV === 'development';
     const originalRequest = error.config;
-    
+
     // Enhanced error logging
     if (isDevelopment) {
       console.error('❌ [API Response Error]', {
@@ -103,26 +103,26 @@ apiClient.interceptors.response.use(
         headers: error.response?.headers
       });
     }
-    
+
     // Handle 401 Unauthorized errors
     if (error.response?.status === 401) {
       if (isDevelopment) {
         console.log('🔐 [Auth] 401 error detected, attempting token refresh');
       }
-      
+
       // If we haven't retried this request yet
       if (!originalRequest._retry) {
         originalRequest._retry = true;
-        
+
         try {
           // Clear all authentication data
           await cookieService.clearAuthTokens();
           localStorage.removeItem('token');
-          
+
           if (isDevelopment) {
             console.log('🔐 [Auth] Cleared all authentication data');
           }
-          
+
           // Redirect to login page
           const currentPath = window.location.pathname;
           if (currentPath !== '/login' && currentPath !== '/register') {
@@ -131,22 +131,22 @@ apiClient.interceptors.response.use(
             }
             window.location.href = '/login';
           }
-          
+
         } catch (refreshError) {
           if (isDevelopment) {
             console.error('🔐 [Auth] Error during token refresh:', refreshError);
           }
-          
+
           // Even if refresh fails, clear auth data
           await cookieService.clearAuthTokens();
           localStorage.removeItem('token');
           window.location.href = '/login';
-          
+
           return Promise.reject(refreshError);
         }
       }
     }
-    
+
     // Handle network errors
     if (!error.response) {
       if (isDevelopment) {
@@ -155,12 +155,12 @@ apiClient.interceptors.response.use(
           message: error.message
         });
       }
-      
+
       // You might want to implement offline mode here
       // For now, just reject the error
       return Promise.reject(error);
     }
-    
+
     return Promise.reject(error);
   }
 );

frontend/test-auth-fix.js

@@ -1,15 +1,15 @@
 /**
  * Authentication Fix Test Script
- * This script tests the authentication fixes for Hugging Face Spaces deployment
+ * This script tests the authentication fixes for server IP deployment
  */
 
 // Test configuration
 const testConfig = {
   production: {
-    apiUrl: 'https://zelyanoth-lin-cbfcff2.hf.space/api',
+    apiUrl: 'http://46.62.218.169/api',
     expectedCookieSameSite: 'Lax',
-    expectedCookieSecure: true,
-    expectedCorsOrigin: 'https://zelyanoth-lin-cbfcff2.hf.space'
+    expectedCookieSecure: false, // Set to false for HTTP server
+    expectedCorsOrigin: 'http://46.62.218.169'
   },
   development: {
     apiUrl: 'http://localhost:5000/api',
@@ -25,98 +25,98 @@ console.log('=================================');
 // Test 1: Environment Detection
 function testEnvironmentDetection() {
   console.log('\n📋 Test 1: Environment Detection');
-  
+
   const env = import.meta.env?.VITE_NODE_ENV || 'development';
   console.log(`Current environment: ${env}`);
-  
+
   if (env === 'production') {
     console.log('✅ Production environment detected');
     console.log('   - Cookie sameSite should be: Lax');
-    console.log('   - Cookie secure should be: true');
+    console.log('   - Cookie secure should be: false (HTTP server)');
   } else {
     console.log('✅ Development environment detected');
     console.log('   - Cookie sameSite should be: Strict');
     console.log('   - Cookie secure should be: false');
   }
-  
+
   return env;
 }
 
 // Test 2: API URL Configuration
 function testApiUrlConfiguration() {
   console.log('\n📋 Test 2: API URL Configuration');
-  
+
   const apiUrl = import.meta.env?.VITE_API_URL || 'http://localhost:5000/api';
   console.log(`API URL: ${apiUrl}`);
-  
-  if (apiUrl.includes('hf.space')) {
+
+  if (apiUrl.includes('46.62.218.169')) {
     console.log('✅ Production API URL detected');
-    console.log('   - Should use: https://zelyanoth-lin-cbfcff2.hf.space/api');
+    console.log('   - Should use: http://46.62.218.169/api');
   } else {
     console.log('✅ Development API URL detected');
     console.log('   - Should use: http://localhost:5000/api');
   }
-  
+
   return apiUrl;
 }
 
 // Test 3: Cookie Service Configuration
 function testCookieServiceConfiguration() {
   console.log('\n📋 Test 3: Cookie Service Configuration');
-  
+
   // Simulate the cookie service logic
   const isProduction = import.meta.env?.VITE_NODE_ENV === 'production';
   const sameSitePolicy = isProduction ? 'Lax' : 'Strict';
-  const secureFlag = isProduction;
-  
+  const secureFlag = isProduction ? false : false; // Set to false for HTTP server
+
   console.log(`Cookie sameSite policy: ${sameSitePolicy}`);
   console.log(`Cookie secure flag: ${secureFlag}`);
-  
-  if (isProduction && sameSitePolicy === 'Lax' && secureFlag === true) {
-    console.log('✅ Production cookie configuration is correct');
+
+  if (isProduction && sameSitePolicy === 'Lax' && secureFlag === false) {
+    console.log('✅ Production cookie configuration is correct (HTTP server)');
   } else if (!isProduction && sameSitePolicy === 'Strict' && secureFlag === false) {
     console.log('✅ Development cookie configuration is correct');
   } else {
     console.log('❌ Cookie configuration is incorrect');
     return false;
   }
-  
+
   return true;
 }
 
 // Test 4: CORS Configuration Check
 function testCorsConfiguration() {
   console.log('\n📋 Test 4: CORS Configuration Check');
-  
+
   const env = import.meta.env?.VITE_NODE_ENV || 'development';
-  const expectedOrigin = env === 'production' 
-    ? 'https://zelyanoth-lin-cbfcff2.hf.space'
+  const expectedOrigin = env === 'production'
+    ? 'http://46.62.218.169'
     : 'http://localhost:3000';
-  
+
   console.log(`Expected CORS origin: ${expectedOrigin}`);
   console.log('✅ CORS configuration should include this origin');
-  
+
   return expectedOrigin;
 }
 
 // Test 5: Authentication Flow Simulation
 function testAuthenticationFlow() {
   console.log('\n📋 Test 5: Authentication Flow Simulation');
-  
+
   console.log('1. User attempts to login...');
   console.log('   - Should send credentials to /api/auth/login');
   console.log('   - Server should validate and return JWT token');
-  
+
   console.log('2. Token should be stored in cookies with:');
   console.log('   - SameSite: Lax (production) / Strict (development)');
-  console.log('   - Secure: true (production) / false (development)');
+  console.log('   - Secure: false (HTTP server) / false (development)');
   console.log('   - HttpOnly: true');
-  
+
   console.log('3. Page reload should:');
   console.log('   - Send cookies with requests');
   console.log('   - Server should validate JWT token');
   console.log('   - Return user data if valid');
-  
+
   console.log('✅ Authentication flow simulation complete');
   return true;
 }
@@ -124,13 +124,13 @@ function testAuthenticationFlow() {
 // Test 6: Error Handling
 function testErrorHandling() {
   console.log('\n📋 Test 6: Error Handling');
-  
+
   console.log('Expected error scenarios:');
   console.log('1. Invalid token → Should redirect to login');
   console.log('2. Expired token → Should clear cookies and redirect');
   console.log('3. Network error → Should show appropriate error message');
   console.log('4. CORS error → Should be handled gracefully');
-  
+
   console.log('✅ Error handling configuration complete');
   return true;
 }
@@ -138,7 +138,7 @@ function testErrorHandling() {
 // Main test runner
 function runTests() {
   console.log('🚀 Starting authentication fix tests...\n');
-  
+
   try {
     const env = testEnvironmentDetection();
     const apiUrl = testApiUrlConfiguration();
@@ -146,7 +146,7 @@ function runTests() {
     const corsOrigin = testCorsConfiguration();
     const authFlow = testAuthenticationFlow();
     const errorHandling = testErrorHandling();
-    
+
     console.log('\n🎯 Test Results Summary:');
     console.log('========================');
     console.log(`Environment: ${env}`);
@@ -155,17 +155,17 @@ function runTests() {
     console.log(`CORS Origin: ${corsOrigin}`);
     console.log(`Auth Flow: ${authFlow ? '✅' : '❌'}`);
     console.log(`Error Handling: ${errorHandling ? '✅' : '❌'}`);
-    
+
     if (cookieConfig && authFlow && errorHandling) {
       console.log('\n🎉 All tests passed! Authentication fix should work correctly.');
       console.log('\n📝 Next Steps:');
       console.log('1. Build the frontend: npm run build');
-      console.log('2. Deploy to Hugging Face Spaces');
+      console.log('2. Deploy with correct server IP configuration');
       console.log('3. Test login and page reload functionality');
     } else {
       console.log('\n⚠️  Some tests failed. Please review the configuration.');
     }
-    
+
   } catch (error) {
     console.error('\n❌ Test execution failed:', error);
   }