fix: Add production fallbacks for API and WebSocket URLs

backend/internal/handlers/websocket.go

@@ -4,6 +4,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/M1ngdaXie/realtime-collab/internal/auth"
 	"github.com/M1ngdaXie/realtime-collab/internal/hub"
@@ -17,16 +18,20 @@ var upgrader = websocket.Upgrader{
 	ReadBufferSize:  1024,
 	WriteBufferSize: 1024,
 	CheckOrigin: func(r *http.Request) bool {
-		// Check origin against allowed origins from environment
+		origin := r.Header.Get("Origin")
 		allowedOrigins := os.Getenv("ALLOWED_ORIGINS")
 		if allowedOrigins == "" {
 			// Default for development
-			origin := r.Header.Get("Origin")
 			return origin == "http://localhost:5173" || origin == "http://localhost:3000"
 		}
 		// Production: validate against ALLOWED_ORIGINS
-		// TODO: Parse and validate origin
+		origins := strings.Split(allowedOrigins, ",")
+		for _, allowed := range origins {
+			if strings.TrimSpace(allowed) == origin {
 				return true
+			}
+		}
+		return false
 	},
 }
 

frontend/src/api/client.ts

@@ -1,4 +1,4 @@
-const API_BASE_URL = import.meta.env.VITE_API_URL || "http://localhost:8080/api";
+const API_BASE_URL = import.meta.env.VITE_API_URL || "https://docnest-backend-mingda.fly.dev";
 
 export async function authFetch(url: string, options?: RequestInit): Promise<Response> {
   const token = localStorage.getItem('auth_token');

frontend/src/lib/yjs.ts

@@ -4,7 +4,7 @@ import { WebsocketProvider } from "y-websocket";
 import * as Y from "yjs";
 import { documentsApi } from "../api/document";
 
-const WS_URL = import.meta.env.VITE_WS_URL;
+const WS_URL = import.meta.env.VITE_WS_URL || "wss://docnest-backend-mingda.fly.dev";
 
 export interface YjsProviders {
   ydoc: Y.Doc;