feat: support multiple primary SaaS domains #1845

Merged
gugu merged 1 commit into main from feat/multiple-primary-saas-domains
Jun 18, 2026

@gugu gugu commented Jun 18, 2026

Contributor

Treat rocket.sitenova.com as a first-party SaaS domain alongside app.rocketadmin.com. Introduce a single PRIMARY_SAAS_DOMAINS constant and reuse it across backend login domain validation and CORS origins, removing the duplicated hardcoded lists and the dead ALLOWED_REQUEST_DOMAIN helper. Add the domain to the frontend saasHostnames so isCustomDomain() classifies it correctly.

Summary by CodeRabbit

  • Chores
    • Reorganized domain configuration by centralizing the allowlist for login validation across backend services
    • Updated authentication and request validation logic to support additional SaaS environment hostnames
    • Enhanced CORS configuration and frontend environment setup to recognize and handle new domains
    • Streamlined domain validation across the platform for improved consistency and maintainability

Treat rocket.sitenova.com as a first-party SaaS domain alongside
app.rocketadmin.com. Introduce a single PRIMARY_SAAS_DOMAINS constant
and reuse it across backend login domain validation and CORS origins,
removing the duplicated hardcoded lists and the dead
ALLOWED_REQUEST_DOMAIN helper. Add the domain to the frontend
saasHostnames so isCustomDomain() classifies it correctly.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gugu gugu requested review from Artuomka and lyubov-voloshko June 18, 2026 11:28
coderabbitai Bot commented Jun 18, 2026

📝 Walkthrough

A new Constants.PRIMARY_SAAS_DOMAINS array centralizes the backend SaaS domain list. APP_REQUEST_DOMAINS() is refactored to use it, ALLOWED_REQUEST_DOMAIN() is removed, the CORS origin list and login domain validation consume the new constant, and both frontend environment files expand saasHostnames to include rocket.sitenova.com.

Changes

SaaS Domain Allowlist Expansion

| Layer / File(s) | Summary |
| --- | --- |
| PRIMARY_SAAS_DOMAINS constant and APP_REQUEST_DOMAINS refactor (backend/src/helpers/constants/constants.ts) | Adds PRIMARY_SAAS_DOMAINS string array, removes ALLOWED_REQUEST_DOMAIN(), and rewrites APP_REQUEST_DOMAINS() to spread PRIMARY_SAAS_DOMAINS plus APP_DOMAIN_ADDRESS instead of hardcoded domain literals. |
| CORS config and login validation consume PRIMARY_SAAS_DOMAINS (backend/src/main.ts, backend/src/entities/user/use-cases/usual-login-use.case.ts) | CORS origin whitelist drops the explicit hardcoded SaaS origin and maps Constants.PRIMARY_SAAS_DOMAINS to https:// prefixed strings; validateRequestDomain builds allowedDomains from Constants.PRIMARY_SAAS_DOMAINS plus Constants.APP_DOMAIN_ADDRESS. |
| Frontend saasHostnames expanded (frontend/src/environments/environment.saas.ts, frontend/src/environments/environment.saas-prod.ts) | rocket.sitenova.com is added to saasHostnames in both environment files; the prod file also adds localhost. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 A domain array, neat and new,
No more hardcoded strings to stew.
PRIMARY_SAAS_DOMAINS holds the keys,
CORS and login validated with ease.
rocket.sitenova.com joins the list,
No allowed host was ever missed! 🚀

🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Security Check | ⚠️ Warning | PR introduces frontend/backend domain inconsistency: backend PRIMARY_SAAS_DOMAINS includes 'saas.rocketadmin.com' but frontend saasHostnames does not, causing domain classification mismatch. | Add 'saas.rocketadmin.com' to frontend saasHostnames arrays in environment.saas.ts and environment.saas-prod.ts to match backend PRIMARY_SAAS_DOMAINS. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat: support multiple primary SaaS domains' clearly and concisely summarizes the main objective of the changeset: introducing support for multiple primary SaaS domains and consolidating domain configuration. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
backend/src/helpers/constants/constants.ts (1)

319-325: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Duplicate APP_DOMAIN_ADDRESS in test mode.

Constants.APP_DOMAIN_ADDRESS is already added at line 320, then pushed again at line 322 when isTest() is true. Remove the duplicate to keep the array clean.

Proposed fix
 	APP_REQUEST_DOMAINS(): Array<string> {
 		const allowedDomains = [...Constants.PRIMARY_SAAS_DOMAINS, Constants.APP_DOMAIN_ADDRESS];
 		if (isTest()) {
-			allowedDomains.push('127.0.0.1', Constants.APP_DOMAIN_ADDRESS);
+			allowedDomains.push('127.0.0.1');
 		}
 		return allowedDomains;
 	},
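Review bot: the `isTest()` branch adds `127.0.0.1` to the same array that login domain validation consumes, so `isTest()` is the only thing keeping loopback out of the production allowlist. Say so in a comment on `APP_REQUEST_DOMAINS()` and add a unit test asserting that the non-test result contains no `127.0.0.1` and no repeated entries, so that both this duplicate and an accidental widening are caught automatically.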
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/src/helpers/constants/constants.ts` around lines 319 - 325, In the
APP_REQUEST_DOMAINS() method, the constant APP_DOMAIN_ADDRESS is being added to
the allowedDomains array twice: once in the initial array construction and again
in the push call within the isTest() condition. Remove the duplicate
APP_DOMAIN_ADDRESS from the push statement in the test block, keeping only the
'127.0.0.1' entry to avoid redundancy.
🧹 Nitpick comments (1)
backend/src/entities/user/use-cases/usual-login-use.case.ts (1)

156-156: 💤 Low value

Consider reusing APP_REQUEST_DOMAINS() to avoid duplication.

This array construction mirrors the logic in Constants.APP_REQUEST_DOMAINS(), which is already used at line 51 in this file. After fixing the duplicate entry bug in APP_REQUEST_DOMAINS(), consider calling it here instead:

-		const allowedDomains: Array<string> = [...Constants.PRIMARY_SAAS_DOMAINS, Constants.APP_DOMAIN_ADDRESS];
+		const allowedDomains: Array<string> = Constants.APP_REQUEST_DOMAINS();
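Review bot: swapping the literal for `Constants.APP_REQUEST_DOMAINS()` on this line is not a pure deduplication. As the method body in the proposed fix above shows, that call also returns `127.0.0.1` when `isTest()` is true, so `allowedDomains` in this validation path would begin accepting loopback in test runs. Confirm that is intended here, or keep the test-only entry out of the shared helper and add it at the call sites that need it.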

This keeps both code paths in sync and reduces maintenance overhead when domains change.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/src/entities/user/use-cases/usual-login-use.case.ts` at line 156, The
allowedDomains array construction is duplicating logic that already exists in
Constants.APP_REQUEST_DOMAINS(). Replace the direct array construction that
combines Constants.PRIMARY_SAAS_DOMAINS and Constants.APP_DOMAIN_ADDRESS with a
call to Constants.APP_REQUEST_DOMAINS() instead. This eliminates code
duplication and ensures both code paths remain synchronized when domain
configurations change in the future.
ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between 867fc5a and 5efdc5e.

📒 Files selected for processing (5)
  • backend/src/entities/user/use-cases/usual-login-use.case.ts
  • backend/src/helpers/constants/constants.ts
  • backend/src/main.ts
  • frontend/src/environments/environment.saas-prod.ts
  • frontend/src/environments/environment.saas.ts

@gugu gugu merged commit 6c46258 into main Jun 18, 2026
18 of 19 checks passed
@gugu gugu deleted the feat/multiple-primary-saas-domains branch June 18, 2026 12:11
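An added example, not code from the rocketadmin repository: one way to derive the CORS origin list and an exact-match origin check from a single allowlist, together with a drift check for the backend/frontend mismatch that the Security Check warning in this thread describes. The array contents are constructed from hostnames named in the thread, and the function names are hypothetical.

```typescript
// Constructed values: hostnames named in this thread, not copied from the project's files.
const PRIMARY_SAAS_DOMAINS: readonly string[] = [
  "app.rocketadmin.com",
  "saas.rocketadmin.com",
  "rocket.sitenova.com",
];
const FRONTEND_SAAS_HOSTNAMES: readonly string[] = [
  "app.rocketadmin.com",
  "rocket.sitenova.com",
  "localhost",
];

// CORS origins derived from the same list the login check uses, so the two cannot diverge.
function corsOrigins(domains: readonly string[]): string[] {
  return domains.map((d) => `https://${d}`);
}

// Exact hostname match on a parsed Origin value. Substring or suffix matching
// would accept lookalikes such as "app.rocketadmin.com.lookalike.example".
function isAllowedOrigin(origin: string, domains: readonly string[]): boolean {
  let url: URL;
  try {
    url = new URL(origin);
  } catch {
    return false; // malformed or missing Origin header
  }
  // The derived CORS list is https with the default port only.
  if (url.protocol !== "https:" || url.port !== "") return false;
  return domains.indexOf(url.hostname) !== -1; // URL already lowercases the host
}

// Hostnames present on one side only: the kind of mismatch the Security Check flagged.
function allowlistDrift(backend: readonly string[], frontend: readonly string[]) {
  const lower = (xs: readonly string[]) => xs.map((x) => x.toLowerCase());
  const b = lower(backend);
  const f = lower(frontend);
  return {
    backendOnly: b.filter((x) => f.indexOf(x) === -1).sort(),
    frontendOnly: f.filter((x) => b.indexOf(x) === -1).sort(),
  };
}
```

Running `allowlistDrift` over the real backend constant and both frontend environment files in CI would turn the mismatch into a failing check instead of a review comment.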