fix: proxy token failing because of Host header

[kernelwhisperer]

Fixes a problem causing our proxy to fail affecting token search (in cowswap) and token price graph (in cow-fi):

Context: https://nomevlabs.slack.com/archives/C036PMLUPQF/p1771413120954169

daniel in bff on  fix/token-proxy [!] via ⬢ v22.19.0 is 📦 0.24.0 
➜                                                            
    curl 'https://api.uniswap.org/v1/graphql' \
    -H 'content-type: application/json' \
    -H 'Origin: https://app.uniswap.org' \
    -H 'Host: cow.fi' \
    --data-raw '{"query":"query SearchTokensWeb($searchQuery: String!, $chains: [Chain!]) { searchTokens(searchQuery: $searchQuery, chains: $chains) { id address chain symbol name decimals standard project { id name logoUrl safetyLevel } } }","variables":{"searchQuery":"0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48","chains":["ETHEREUM"]}}'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: 4StopD2YxU_cCy7JR6Gm9sX48konCI_BQM5M-DO4n9OS3il5yRT2hA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>%

Summary by CodeRabbit

• Improvements

  • Enhanced proxy token request handling by adding proper Host header forwarding to ensure correct request routing and validation.

• Chores

  • Added PROXY_HOST environment variable configuration for proxy service deployment across API and containerized environments.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a new PROXY_HOST environment variable for the API. The variable is defined in the Fastify environment schema, supplied via docker-compose, and utilized in the proxy tokens route to set the Host header in rewritten requests.

Changes

Cohort / File(s)	Summary
Environment Configuration apps/api/src/app/plugins/env.ts, docker-compose.yml	Added PROXY_HOST environment variable definition in the Fastify schema and supplied it to the api service container.
Route Handler apps/api/src/app/routes/proxies/tokens/index.ts	Added Host header to rewritten request headers, setting it to PROXY_HOST from config alongside the existing Origin header.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested reviewers

• shoom3301

Poem

🐰✨ A proxy host hops into the fray,
New headers set in a bright new way,
From docker's nest to the schema's sight,
The rabbit applauds this config delight! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: adding a Host header to proxy token requests to fix a failing proxy issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/token-proxy

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/api/src/app/routes/proxies/tokens/index.ts (1)

14-19: ⚠️ Potential issue | 🟠 Major

Add validation guard for PROXY_HOST to match PROXY_UPSTREAM pattern.

Currently PROXY_UPSTREAM is guarded with an early return, but PROXY_HOST is not. While @fastify/http-proxy with the default undici backend silently omits undefined header values, inconsistent validation creates maintenance risk. If the proxy target requires the Host header or if the deployment uses the Node http.request backend (not undici), an undefined PROXY_HOST will either fail silently or throw ERR_HTTP_INVALID_HEADER_VALUE at runtime. For consistency and defense-in-depth, add an early return guard for PROXY_HOST (and consider PROXY_ORIGIN as well if it's expected to be mandatory).

Suggested fix

 const proxy: FastifyPluginAsync = async (fastify, opts): Promise<void> => {
   const upstream = fastify.config.PROXY_UPSTREAM;
+  const proxyHost = fastify.config.PROXY_HOST;
   if (!upstream) {
     fastify.log.warn('PROXY_UPSTREAM is not set. Skipping proxy.');
     return;
   }
+  if (!proxyHost) {
+    fastify.log.warn('PROXY_HOST is not set. Skipping proxy.');
+    return;
+  }

   fastify.register(httpProxy, {
     upstream,
     replyOptions: {
       rewriteRequestHeaders: (originalRequest: any, headers: any) => {
         return {
           ...headers,
           Origin: fastify.config.PROXY_ORIGIN,
-          Host: fastify.config.PROXY_HOST,
+          Host: proxyHost,
         };
       },
     },
   });
 };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/api/src/app/routes/proxies/tokens/index.ts` around lines 14 - 19, The
rewriteRequestHeaders function currently sets Origin and Host without validating
PROXY_HOST (and optionally PROXY_ORIGIN); add the same early-return guard used
for PROXY_UPSTREAM so the handler exits if PROXY_HOST is not defined (and treat
PROXY_ORIGIN as required if intended). Locate rewriteRequestHeaders in the
tokens route and before returning headers, check fastify.config.PROXY_HOST (and
fastify.config.PROXY_ORIGIN if mandatory) and return early (no proxy) when
missing to avoid injecting undefined headers and potential
ERR_HTTP_INVALID_HEADER_VALUE.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@apps/api/src/app/routes/proxies/tokens/index.ts`:
- Around line 14-19: The rewriteRequestHeaders function currently sets Origin
and Host without validating PROXY_HOST (and optionally PROXY_ORIGIN); add the
same early-return guard used for PROXY_UPSTREAM so the handler exits if
PROXY_HOST is not defined (and treat PROXY_ORIGIN as required if intended).
Locate rewriteRequestHeaders in the tokens route and before returning headers,
check fastify.config.PROXY_HOST (and fastify.config.PROXY_ORIGIN if mandatory)
and return early (no proxy) when missing to avoid injecting undefined headers
and potential ERR_HTTP_INVALID_HEADER_VALUE.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 59d1746 and 64d2fd3.

📒 Files selected for processing (3)

• apps/api/src/app/plugins/env.ts
• apps/api/src/app/routes/proxies/tokens/index.ts
• docker-compose.yml