Dev

[RandithaK]

Summary by CodeRabbit

• Chores
  • Backend gateway updated to allow an additional development frontend origin to access the API.
  • Configuration updated to explicitly declare environment variables for the public appointments-availability and service-types endpoints.

[coderabbitai]

Walkthrough

Adds a development origin to the gateway CORS allowed-origins and inserts explicit env_var entries for the appointments-related services in config.yaml. No changes to routing, proxying, or authentication logic are present.

Changes

Cohort / File(s)	Summary
CORS configuration cmd/gateway/main.go	Added https://dev.techtorque.randitha.net to the list of allowed origins in the CORS policy.
Service config env_vars config.yaml	Added env_var entries (APPOINTMENTS_SERVICE_URL) for two appointments-related service entries (public appointments-availability and service-types).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Check the CORS origin formatting and ensure it matches expected dev domain (scheme, hostname).
• Verify env_var names align with runtime/service loader expectations and no duplicate/conflicting keys exist.

Possibly related PRs

• feat: Add additional allowed origin for CORS in main.go #10: Also modifies CORS allowed origins in cmd/gateway/main.go — likely adds or adjusts frontend origins.
• Dev ops #6: Adds EnvVar field and env-var override handling in gateway code, related to the new env_var entries in config.yaml.

Poem

🐰 A dev domain hops into the night,
CORS doors open, small and bright,
Env vars tucked in tidy rows,
The gateway hums where traffic flows,
I nibble logs and dance in bytes. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Dev' is extremely vague and does not clearly summarize the actual changes made (CORS origin addition and config variable declarations).	Revise the title to be more descriptive, such as 'Add dev environment to CORS origins and configure appointments service URLs' to clearly communicate the primary changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

Tip

📝 Customizable high-level summaries are now available!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide custom instructions to shape the summary (bullet lists, tables, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example:

"Create a concise high-level summary as a bullet-point list. Then include a Markdown table showing lines added and removed by each contributing author."

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

cmd/gateway/main.go (1)

229-229: LGTM! Development origin added correctly.

The addition of the development domain follows the existing pattern and uses HTTPS, which is appropriate for security.

Optional: Consider making CORS origins configurable.

While this change is correct, the entire AllowedOrigins list is currently hardcoded. For better flexibility across environments, consider loading these from an environment variable (e.g., ALLOWED_ORIGINS as a comma-separated list). This would make it easier to manage different deployments without code changes.

Example approach:

// Read from environment variable, fallback to defaults
allowedOrigins := []string{
    "http://localhost:3000",
    "http://127.0.0.1:3000",
}
if envOrigins := os.Getenv("ALLOWED_ORIGINS"); envOrigins != "" {
    allowedOrigins = strings.Split(envOrigins, ",")
}

router.Use(cors.New(cors.Options{
    AllowedOrigins: allowedOrigins,
    // ... rest of config
}).Handler)

This would align with the existing pattern of environment variable overrides used for service URLs (lines 59-86).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 572a093 and b43efd6.

📒 Files selected for processing (1)

• cmd/gateway/main.go (1 hunks)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b43efd6 and 675c524.

📒 Files selected for processing (1)

• config.yaml (2 hunks)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Inconsistent env_var handling for appointments services—standardize declaration approach.

The "appointments-availability" and "service-types" services now explicitly declare env_var: "APPOINTMENTS_SERVICE_URL", but the related "appointments" service (line 42–47) omits the env_var field and relies on auto-generation. This creates an inconsistency with the established pattern in the config: services sharing a backend (auth+users, services+projects, payments+invoices) all use explicit env_var declarations.

If auto-generation occurs for "appointments" but explicit declarations are made for "appointments-availability" and "service-types", there's a risk of env_var mismatch or confusion about which variable controls which service.

For consistency and clarity, add env_var: "APPOINTMENTS_SERVICE_URL" to the "appointments" service as well.

  # Protected appointment endpoints
  - name: "appointments"
    path_prefix: "/api/v1/appointments"
    target_url: "http://localhost:8083"
    strip_prefix: "/api/v1"
    auth_required: true
-   # env_var not specified - will auto-generate: APPOINTMENTS_SERVICE_URL
+   env_var: "APPOINTMENTS_SERVICE_URL"

Also update the comment on line 47 to be consistent with the new explicit declaration.

Also applies to: 55-55

🤖 Prompt for AI Agents

In config.yaml around lines 42 to 47 (and also line 55), the "appointments"
service is missing an explicit env_var while related services use env_var:
"APPOINTMENTS_SERVICE_URL"; add env_var: "APPOINTMENTS_SERVICE_URL" to the
"appointments" service block (same indentation as the other services) and update
the comment on line 47 to reflect the explicit declaration (make it consistent
with the other services' comments); repeat the same explicit env_var insertion
for the related occurrence at line 55.