commit 34ceb85a6220962921316acba6f86c96eaf26eab · dunkirk.sh/thistle

+10

CRUSH.md

···

       6
       6
        
       

     

       7
       7
        
       **IMPORTANT**: Do NOT commit changes until the user explicitly asks you to commit. Always wait for user verification that changes are working correctly before making commits.

     

       8
       8
        
       

     

       9
       9
       +
       ## Environment Variables

     

       10
       10
       +
       

     

       11
       11
       +
       **CRITICAL**: Always use `process.env.ORIGIN` for generating URLs in emails and links, NOT hardcoded domains.

     

       12
       12
       +
       

     

       13
       13
       +
       - `ORIGIN` - The public URL of the application (e.g., `https://thistle.app` or `http://localhost:3000`)

     

       14
       14
       +
       - Used for: Email verification links, password reset links, any user-facing URLs

     

       15
       15
       +
       - Default: `http://localhost:3000` (development only)

     

       16
       16
       +
       

     

       17
       17
       +
       **Never hardcode domain names** like `https://thistle.app` in code - always use `process.env.ORIGIN`.

     

       18
       18
       +
       

     

       9
       19
        
       ## Project Info

     

       10
       20
        
       

     

       11
       21
        
       - Name: Thistle

+2 -3

src/index.ts

···

       633
       633
        
       					// Always return success to prevent email enumeration

     

       634
       634
        
       					const user = getUserByEmail(email);

     

       635
       635
        
       					if (user) {

     

       636
       636
       -
       						const origin =

     

       637
       637
       -
       							req.headers.get("origin") || "http://localhost:3000";

     

       636
       636
       +
       						const origin = process.env.ORIGIN || "http://localhost:3000";

     

       638
       637
        
       						const resetToken = createPasswordResetToken(user.id);

     

       639
       638
        
       						const resetLink = `${origin}/reset-password?token=${resetToken}`;

     

       640
       639
        
       

     
···

       2222
       2221
        
       					}

     

       2223
       2222
        
       

     

       2224
       2223
        
       					// Create password reset token

     

       2225
       2225
       -
       					const origin = req.headers.get("origin") || "http://localhost:3000";

     

       2224
       2224
       +
       					const origin = process.env.ORIGIN || "http://localhost:3000";

     

       2226
       2225
        
       					const resetToken = createPasswordResetToken(user.id);

     

       2227
       2226
        
       					const resetLink = `${origin}/reset-password?token=${resetToken}`;

     

       2228
       2227

+2 -2

src/lib/email-templates.ts

···

       96
       96
        
       

     

       97
       97
        
       export function verifyEmailTemplate(options: VerifyEmailOptions): string {

     

       98
       98
        
       	const greeting = options.name ? `Hi ${options.name}` : "Hi there";

     

       99
       99
       -
       	const domain = process.env.DOMAIN || "https://thistle.app";

     

       100
       100
       -
       	const verifyLink = `${domain}/api/auth/verify-email?token=${options.token}`;

     

       99
       99
       +
       	const origin = process.env.ORIGIN || "http://localhost:3000";

     

       100
       100
       +
       	const verifyLink = `${origin}/api/auth/verify-email?token=${options.token}`;

     

       101
       101
        
       

     

       102
       102
        
       	return `

     

       103
       103
        
       <!DOCTYPE html>