/** * Cloudflare Worker proxy for the FactsAI research API. * * Why: a static site can't call FactsAI directly — the API sends no * Access-Control-Allow-Origin (browser blocks it) and a client key would be * public. This worker holds the key server-side and adds CORS headers. * * Deploy: * 1) npm i -g wrangler && wrangler login * 2) wrangler secret put FACTSAI_KEY # paste the polyd_... key * 3) wrangler deploy proxy/factsai-worker.js --name quant-factsai * 4) set VITE_FACTSAI_PROXY=https://quant-factsai..workers.dev in .env.local, rebuild. * * Note: FactsAI must also fix their upstream 500 ("Service configuration error") * before real answers come back — this proxy only fixes CORS + key exposure. */ const ALLOW_ORIGIN = '*' // tighten to your domain in production export default { async fetch(request, env) { const cors = { 'Access-Control-Allow-Origin': ALLOW_ORIGIN, 'Access-Control-Allow-Methods': 'POST, OPTIONS', 'Access-Control-Allow-Headers': 'Content-Type', 'Access-Control-Max-Age': '86400', } if (request.method === 'OPTIONS') return new Response(null, { headers: cors }) if (request.method !== 'POST') { return new Response('Method not allowed', { status: 405, headers: cors }) } try { const body = await request.text() const upstream = await fetch('https://deep-research-api.degodmode3-33.workers.dev/answer', { method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.FACTSAI_KEY}`, }, body, }) const text = await upstream.text() return new Response(text, { status: upstream.status, headers: { ...cors, 'Content-Type': 'application/json' }, }) } catch (e) { return new Response(JSON.stringify({ success: false, error: String(e) }), { status: 502, headers: { ...cors, 'Content-Type': 'application/json' }, }) } }, }