esdras/sistema-de-chamados
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(desktop): protecao extra contra localhost em redirects

Browse source 
- Adicionar verificacao final antes de window.location.href
- Substituir localhost por URL de producao como fallback
- Adicionar logs de debug para diagnostico

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
rever-tecnologia 2025-12-09 13:27:03 -03:00
parent 1249b4ec26
commit 0a55c2e66c
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apps/desktop/src/main.tsx
View file

@ -1218,7 +1218,10 @@ const resolvedAppUrl = useMemo(() => {
} catch {}
const persona = (data.persona ?? "collaborator").toLowerCase() === "manager" ? "manager" : "collaborator"
const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/tickets"
const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(data.machineToken)}&redirect=${encodeURIComponent(redirectTarget)}`
// Proteção extra: nunca usar localhost em produção
const safeAppUrl = resolvedAppUrl.includes("localhost") ? "https://tickets.esdrasrenan.com.br" : resolvedAppUrl
const url = `${safeAppUrl}/machines/handshake?token=${encodeURIComponent(data.machineToken)}&redirect=${encodeURIComponent(redirectTarget)}`
logDesktop("register:redirect", { url: url.replace(/token=[^&]+/, "token=***") })
window.location.href = url
} catch (err) {
setError(err instanceof Error ? err.message : String(err))
@ -1348,7 +1351,10 @@ const resolvedAppUrl = useMemo(() => {
const persona = (config?.accessRole ?? "collaborator") === "manager" ? "manager" : "collaborator"
// Envia para a página inicial apropriada após autenticar cookies/sessão
const redirectTarget = persona === "manager" ? "/dashboard" : "/portal/tickets"
const url = `${resolvedAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
// Proteção extra: nunca usar localhost em produção
const safeAppUrl = resolvedAppUrl.includes("localhost") ? "https://tickets.esdrasrenan.com.br" : resolvedAppUrl
const url = `${safeAppUrl}/machines/handshake?token=${encodeURIComponent(token)}&redirect=${encodeURIComponent(redirectTarget)}`
logDesktop("openSystem:redirect", { url: url.replace(/token=[^&]+/, "token=***") })
window.location.href = url
}, [token, config?.accessRole, config?.machineId, resolvedAppUrl, store])