From 0a55c2e66c72bf830bb851d5ebf830f3f0704f57 Mon Sep 17 00:00:00 2001
From: rever-tecnologia
Date: Tue, 9 Dec 2025 13:27:03 -0300
Subject: [PATCH] fix(desktop): protecao extra contra localhost em redirects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Adicionar verificacao final antes de window.location.href
- Substituir localhost por URL de producao como fallback
- Adicionar logs de debug para diagnostico

šŸ¤– Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 apps/desktop/src/main.tsx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/desktop/src/main.tsx b/apps/desktop/src/main.tsx
index 84cff66..5d281d2 100644
--- a/apps/desktop/src/main.tsx
+++ b/apps/desktop/src/main.tsx
@@ -1218,7 +1218,10 @@ const resolvedAppUrl = useMemo(() => {
 } catch {}
 const persona = (data.persona ?? "collaborator").toLowerCase() === "manager" ? "manager" : "collaborator"
 const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/tickets"
- const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(data.machineToken)}&redirect=${encodeURIComponent(redirectTarget)}`
+ // Proteção extra: nunca usar localhost em produção
+ const safeAppUrl = resolvedAppUrl.includes("localhost") ? "https://tickets.esdrasrenan.com.br" : resolvedAppUrl
+ const url = `${safeAppUrl}/machines/handshake?token=${encodeURIComponent(data.machineToken)}&redirect=${encodeURIComponent(redirectTarget)}`
+ logDesktop("register:redirect", { url: url.replace(/token=[^&]+/, "token=***") })
 window.location.href = url
 } catch (err) {
 setError(err instanceof Error ? err.message : String(err))
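Review bot: The `resolvedAppUrl.includes("localhost")` guard is a substring test on the whole URL, so it misses other loopback forms such as `127.0.0.1` and `[::1]` and also fires on any host or path that merely contains the word; because this URL carries `data.machineToken` in its query string, the decision should be made on the parsed hostname. The same two lines are repeated in the second hunk (`openSystem:redirect`) with the production origin hard-coded both times, so a shared constant and helper like the one below would keep the two call sites from drifting. The check also runs in every build, which presumably means a development run against a local server would send its token to the production host; worth gating on the build mode if that path is reachable. The enclosing handler starts and ends outside the hunk.

```typescript
const PRODUCTION_APP_URL = "https://tickets.esdrasrenan.com.br"
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"])

function toSafeAppUrl(appUrl: string): string {
  try {
    // Decide on the parsed hostname, not on a substring of the whole URL.
    return LOOPBACK_HOSTS.has(new URL(appUrl).hostname) ? PRODUCTION_APP_URL : appUrl
  } catch {
    // An unparseable base URL must not receive the machine token.
    return PRODUCTION_APP_URL
  }
}

// … unchanged: persona / redirectTarget …
const safeAppUrl = toSafeAppUrl(resolvedAppUrl)
// … unchanged: url construction, logDesktop call, window.location.href assignment …
```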
@@ -1348,7 +1351,10 @@ const resolvedAppUrl = useMemo(() => {
 const persona = (config?.accessRole ?? "collaborator") === "manager" ? "manager" : "collaborator"
 // Envia para a pĆ”gina inicial apropriada após autenticar cookies/sessĆ£o
 const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/tickets"
- const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
+ // Proteção extra: nunca usar localhost em produção
+ const safeAppUrl = resolvedAppUrl.includes("localhost") ? "https://tickets.esdrasrenan.com.br" : resolvedAppUrl
+ const url = `${safeAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
+ logDesktop("openSystem:redirect", { url: url.replace(/token=[^&]+/, "token=***") })
 window.location.href = url
 }, [token, config?.accessRole, config?.machineId, resolvedAppUrl, store])
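Review bot: The `logDesktop("openSystem:redirect", ...)` call masks the token with a regex only after it has been interpolated into `url`, so the redaction depends on the parameter name and position never changing. Logging the non-secret parts directly is safer by construction and also records whether the fallback fired, which is what the commit message says the logs are for: `logDesktop("openSystem:redirect", { appUrl: safeAppUrl, redirectTarget, fallback: safeAppUrl !== resolvedAppUrl })`. The `register:redirect` log in the first hunk has the same shape. The callback begins above the hunk.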