lashman/echoboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

both webauthn vars use punycode for internationalized domains

Browse Source
This commit is contained in:
lashman
2026-03-22 19:52:21 +02:00
parent d88fd52fbe
commit 9d0294d380
2 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.env.example
View File

@@ -13,9 +13,10 @@ JWT_SECRET=
ALTCHA_HMAC_KEY= ALTCHA_HMAC_KEY=
# WebAuthn / Passkey (set these to your actual domain) # WebAuthn / Passkey (set these to your actual domain)
# If your domain has non-ASCII characters (umlauts, accents, etc.): # If your domain has non-ASCII characters (umlauts, accents, etc.),
# RP_ID uses the unicode version: feedback.example.de # use the punycode version for BOTH RP_ID and ORIGIN:
# ORIGIN uses the punycode version: https://xn--feedbck-example.de # WEBAUTHN_RP_ID=xn--splung-4ya.ich-stuhle.de
# WEBAUTHN_ORIGIN=https://xn--splung-4ya.ich-stuhle.de
# You can find the punycode version by opening the domain in a browser and copying from the address bar. # You can find the punycode version by opening the domain in a browser and copying from the address bar.
WEBAUTHN_RP_NAME=Echoboard WEBAUTHN_RP_NAME=Echoboard
WEBAUTHN_RP_ID=example.com WEBAUTHN_RP_ID=example.com

4
packages/api/src/routes/admin/team.ts
View File

@@ -103,9 +103,7 @@ export default async function adminTeamRoutes(app: FastifyInstance) {
}, },
}); });
const protocol = config.WEBAUTHN_ORIGIN.startsWith("https") ? "https" : "http"; const inviteUrl = `${config.WEBAUTHN_ORIGIN}/admin/join/${token}`;
const prettyHost = config.WEBAUTHN_RP_ID || new URL(config.WEBAUTHN_ORIGIN).hostname;
const inviteUrl = `${protocol}://${prettyHost}/admin/join/${token}`;
reply.status(201).send({ inviteUrl, token, recoveryPhrase, expiresAt }); reply.status(201).send({ inviteUrl, token, recoveryPhrase, expiresAt });
} }
); );