fix forgot password and add runscripts

This commit is contained in:
root
2026-05-17 23:25:03 -04:00
parent f30f6e9796
commit 7ac0098c7f
16 changed files with 211 additions and 3 deletions
+20 -1
View File
@@ -316,6 +316,22 @@ router.post('/auth/2fa/verify', requireAdminAuth, async (req, res, next) => {
const ADMIN_RESET_TOKEN_TTL_MINUTES = 60
function ensureAppBasePath(baseUrl: string, basePath: string) {
try {
const url = new URL(baseUrl)
const normalizedPathname = url.pathname.replace(/\/$/, '')
if (normalizedPathname === basePath || normalizedPathname.endsWith(basePath)) {
return url.toString().replace(/\/$/, '')
}
url.pathname = `${normalizedPathname}${basePath}` || basePath
return url.toString().replace(/\/$/, '')
} catch {
const trimmed = baseUrl.replace(/\/$/, '')
return trimmed.endsWith(basePath) ? trimmed : `${trimmed}${basePath}`
}
}
router.post('/auth/forgot-password', async (req, res, next) => {
try {
const { email } = z.object({ email: z.string().email().max(255).trim().toLowerCase() }).parse(req.body)
@@ -330,7 +346,10 @@ router.post('/auth/forgot-password', async (req, res, next) => {
data: { passwordResetToken: rawToken, passwordResetExpiresAt: expiresAt },
})
const adminUrl = process.env.ADMIN_URL ?? 'http://localhost:3002'
const adminUrl = ensureAppBasePath(
process.env.ADMIN_URL ?? process.env.NEXT_PUBLIC_ADMIN_URL ?? 'http://localhost:3002/admin',
'/admin',
)
const resetUrl = `${adminUrl}/reset-password?token=${rawToken}`
await sendTransactionalEmail({
+20 -1
View File
@@ -10,6 +10,22 @@ const router = Router()
const RESET_TOKEN_TTL_MINUTES = 60
function ensureAppBasePath(baseUrl: string, basePath: string) {
try {
const url = new URL(baseUrl)
const normalizedPathname = url.pathname.replace(/\/$/, '')
if (normalizedPathname === basePath || normalizedPathname.endsWith(basePath)) {
return url.toString().replace(/\/$/, '')
}
url.pathname = `${normalizedPathname}${basePath}` || basePath
return url.toString().replace(/\/$/, '')
} catch {
const trimmed = baseUrl.replace(/\/$/, '')
return trimmed.endsWith(basePath) ? trimmed : `${trimmed}${basePath}`
}
}
function signEmployeeToken(employeeId: string) {
return jwt.sign(
{ sub: employeeId, type: 'employee' },
@@ -150,7 +166,10 @@ router.post('/forgot-password', async (req, res, next) => {
data: { passwordResetToken: rawToken, passwordResetExpiresAt: expiresAt },
})
const dashboardUrl = process.env.DASHBOARD_URL ?? 'http://localhost:3001'
const dashboardUrl = ensureAppBasePath(
process.env.DASHBOARD_URL ?? process.env.NEXT_PUBLIC_DASHBOARD_URL ?? 'http://localhost:3001/dashboard',
'/dashboard',
)
const resetUrl = `${dashboardUrl}/reset-password?token=${rawToken}`
await sendTransactionalEmail({