fix: restore booking flow + remember last to-Jerusalem station#3
Open
yomach wants to merge 1 commit into
Open
Conversation
Author
|
@idshklein |
yomach
added a commit
to yomach/train_ticket
that referenced
this pull request
May 9, 2026
…L_DEV.md Personal-fork dev helpers that aren't part of the upstream PR (idshklein#3). Lets the FE on http://localhost:8000 talk to a wrangler-dev worker on http://localhost:8787 without touching the production code path. - app.js: API_BASE reads from localStorage("apiBase"), falling back to the production worker URL. No-op for prod users. - worker.js: ALLOWED_ORIGINS expanded with localhost:8000 / 127.0.0.1:8000; added Vary: Origin since the allowed list is now multi-valued. - LOCAL_DEV.md: architecture, run-locally recipe, diagnosis guide for the next time rail.co.il rotates its API. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The upstream rail.co.il API rotated routes, request bodies, and the response envelope, breaking the entire booking flow. API changes (frontend): - POST /TripReservation/SendOtp → /Otp/Send - POST /TripReservation/VerifyOtp → /Otp/Verify - /TripReservation/OrderSeatForTrip stays, but its body now requires systemTypeId:"2" (replaces sourceChannel:"web"), type:"phone" (replaces type:""), and languageId:"Hebrew". - All three OTP/order bodies now require languageId:"Hebrew". - Response envelope changed: result.result (string) → result.data.confirmationCode, with a sibling result.success boolean. Both call-sites (handleSubmit + handleOtpConfirm) updated. Proxy: - UPSTREAM trimmed to /common/api/v1 so the FE can address both /Otp/* and /TripReservation/* under one base path. - Strip Domain=rail.co.il from Set-Cookie headers before forwarding. Browsers reject foreign-domain cookies on the proxy host, which silently broke the authToken round-trip. Misc: - .wrangler/ added to .gitignore (wrangler dev local state cache). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The booking flow has been broken since rail.co.il rotated its API a few days ago. This PR restores it and adds a small UX win.
Fix — frontend (
app.js)Three things changed upstream:
/TripReservation/SendOtp/Otp/Send/TripReservation/VerifyOtp/Otp/VerifysourceChannel: "web"systemTypeId: "2"type"""phone"languageId"Hebrew"requireddata.result.result(string)data.result.data.confirmationCode+data.result.success(bool)Both call-sites (
handleSubmit,handleOtpConfirm) updated to read the new envelope.Fix — proxy (
cloudflare-worker/worker.js)UPSTREAMtrimmed to/common/api/v1so the FE can address/Otp/*and/TripReservation/*under one base.Set-Cookierewrite to stripDomain=rail.co.il. The upstream now (or always?) emits cookies withDomain=rail.co.il, which browsers reject on the proxy host (*.workers.dev). Without the rewrite, theauthTokencookie set byOtp/Verifynever persists on the proxy origin and the subsequentOrderSeatForTripfalls back to a 401 loop.Feature — remember last "אל ירושלים" station
Most riders use the same home station every time. When direction is
to-jerusalem, the picked station is stored in a 1-year cookie (lastToJerusalemStation) and used as the default on the next visit. The remembered value beats the previously-shown dropdown value (which after a direction toggle is usually the from-jerusalem destination — that would otherwise mask the saved preference). Not applied tofrom-jerusalemsince destinations vary much more there.Misc
.wrangler/added to.gitignore(wrangler dev's local state cache).Test plan
npm test(7/7 pass — no test changes; existing tests still coverbooking-helpersand the worker status page).npx wrangler dev+ a static server, full booking flow with a real phone, OTP sent, code verified,confirmationCoderendered as QR.🤖 Generated with Claude Code