feat: add password reset page and simplify frontend URL generation

secus · secus · commit 920925fdf4e9 · 2025-09-26T11:31:34.000+07:00
- Add ResetPasswordPage component with proper validation and UI - Simplify get_frontend_url() to always return production domain https://decenter.run - Add /reset-password route to App.tsx for handling password reset links from email - Remove complex environment detection logic for consistent production URLs
diff --git a/apps/container-engine-frontend/src/App.tsx b/apps/container-engine-frontend/src/App.tsx
@@ -4,6 +4,7 @@ import { AuthProvider } from './context/AuthContext';
 import { NotificationProvider } from './context/NotificationContext';
 import LandingPage from './pages/LandingPage';
 import AuthPage from './pages/AuthPage';
+import ResetPasswordPage from './pages/ResetPasswordPage';
 import DashboardPage from './pages/DashboardPage';
 import DeploymentsPage from './pages/DeploymentsPage';
 import NewDeploymentPage from './pages/NewDeploymentPage';
@@ -30,6 +31,7 @@ function App() {
             <Routes>
               <Route path="/" element={<LandingPage />} /> 
               <Route path="/auth" element={<AuthPage />} />
+              <Route path="/reset-password" element={<ResetPasswordPage />} />
               <Route path="/features" element={<FeaturesPage />} />
               <Route path="/documentation" element={<DocumentationPage />} />
               <Route path="/privacy" element={<PrivacyPolicyPage />} />
diff --git a/apps/container-engine-frontend/src/pages/ResetPasswordPage.tsx b/apps/container-engine-frontend/src/pages/ResetPasswordPage.tsx
@@ -0,0 +1,172 @@
+import React, { useState, useEffect } from 'react';
+import { useSearchParams, useNavigate } from 'react-router-dom';
+import { toast } from 'react-toastify';
+import api from '../api/api';
+
+const ResetPasswordPage: React.FC = () => {
+  const [searchParams] = useSearchParams();
+  const navigate = useNavigate();
+  const [formData, setFormData] = useState({
+    newPassword: '',
+    confirmPassword: '',
+  });
+  const [loading, setLoading] = useState(false);
+  const [isValidToken, setIsValidToken] = useState<boolean | null>(null);
+  const token = searchParams.get('token');
+
+  useEffect(() => {
+    if (!token) {
+      toast.error('Invalid reset link');
+      navigate('/auth');
+      return;
+    }
+    setIsValidToken(true);
+  }, [token, navigate]);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    
+    if (!token) {
+      toast.error('Invalid reset token');
+      return;
+    }
+
+    if (formData.newPassword !== formData.confirmPassword) {
+      toast.error('Passwords do not match');
+      return;
+    }
+
+    if (formData.newPassword.length < 8) {
+      toast.error('Password must be at least 8 characters long');
+      return;
+    }
+
+    setLoading(true);
+    try {
+      await api.post('/v1/auth/reset-password', {
+        token,
+        new_password: formData.newPassword,
+        confirm_password: formData.confirmPassword,
+      });
+
+      toast.success('Password reset successfully! You can now log in with your new password.');
+      navigate('/auth');
+    } catch (error: any) {
+      const errorMessage = error.response?.data?.message || 'Failed to reset password';
+      toast.error(errorMessage);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const handleChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    setFormData({
+      ...formData,
+      [e.target.name]: e.target.value,
+    });
+  };
+
+  if (isValidToken === null) {
+    return (
+      <div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-100 flex items-center justify-center">
+        <div className="text-center">
+          <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-blue-600 mx-auto"></div>
+          <p className="mt-4 text-gray-600">Validating reset link...</p>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-100 flex items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
+      <div className="max-w-md w-full space-y-8">
+        <div className="bg-white rounded-xl shadow-lg p-8">
+          <div className="text-center mb-8">
+            <img
+              src="/open-container-engine-logo.png"
+              alt="Open Container Engine"
+              className="h-12 w-auto mx-auto mb-4"
+            />
+            <h2 className="text-3xl font-bold text-gray-900">Reset Password</h2>
+            <p className="mt-2 text-gray-600">
+              Enter your new password below
+            </p>
+          </div>
+
+          <form onSubmit={handleSubmit} className="space-y-6">
+            <div>
+              <label htmlFor="newPassword" className="block text-sm font-medium text-gray-700 mb-2">
+                New Password
+              </label>
+              <input
+                id="newPassword"
+                name="newPassword"
+                type="password"
+                required
+                value={formData.newPassword}
+                onChange={handleChange}
+                className="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent transition-all duration-200"
+                placeholder="Enter your new password"
+                minLength={8}
+              />
+            </div>
+
+            <div>
+              <label htmlFor="confirmPassword" className="block text-sm font-medium text-gray-700 mb-2">
+                Confirm Password
+              </label>
+              <input
+                id="confirmPassword"
+                name="confirmPassword"
+                type="password"
+                required
+                value={formData.confirmPassword}
+                onChange={handleChange}
+                className="w-full px-4 py-3 border border-gray-300 rounded-lg focus:ring-2 focus:ring-blue-500 focus:border-transparent transition-all duration-200"
+                placeholder="Confirm your new password"
+                minLength={8}
+              />
+            </div>
+
+            <div className="space-y-4">
+              <button
+                type="submit"
+                disabled={loading}
+                className="w-full bg-blue-600 text-white py-3 px-4 rounded-lg hover:bg-blue-700 focus:ring-2 focus:ring-blue-500 focus:ring-offset-2 transition-all duration-200 font-medium disabled:opacity-50 disabled:cursor-not-allowed flex items-center justify-center"
+              >
+                {loading ? (
+                  <>
+                    <div className="animate-spin rounded-full h-5 w-5 border-b-2 border-white mr-2"></div>
+                    Resetting Password...
+                  </>
+                ) : (
+                  'Reset Password'
+                )}
+              </button>
+
+              <div className="text-center">
+                <button
+                  type="button"
+                  onClick={() => navigate('/auth')}
+                  className="text-blue-600 hover:text-blue-800 font-medium transition-colors duration-200"
+                >
+                  Back to Login
+                </button>
+              </div>
+            </div>
+          </form>
+
+          <div className="mt-6 p-4 bg-blue-50 rounded-lg">
+            <h4 className="text-sm font-medium text-blue-800 mb-2">Password Requirements:</h4>
+            <ul className="text-sm text-blue-700 space-y-1">
+              <li>• At least 8 characters long</li>
+              <li>• Must match the confirmation password</li>
+            </ul>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default ResetPasswordPage;
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
@@ -20,37 +20,9 @@ use crate::{
     error::AppError,
 };
 
-// Helper function to get frontend URL from headers or environment
-fn get_frontend_url(headers: &HeaderMap) -> String {
-    // Check if we're in production by looking at production domain env var
-    if let Ok(production_domain) = std::env::var("PRODUCTION_DOMAIN") {
-        // Try to get host from request headers
-        if let Some(host) = headers.get("host") {
-            if let Ok(host_str) = host.to_str() {
-                // If host matches production domain (decenter.run), use it
-                if host_str.contains("decenter.run") {
-                    return production_domain;
-                }
-                // If it's localhost or development, use frontend URL
-                else if host_str.contains("localhost") || host_str.contains("127.0.0.1") {
-                    return std::env::var("FRONTEND_BASE_URL")
-                        .unwrap_or_else(|_| "http://localhost:5173".to_string());
-                }
-                // For other domains (staging, etc), use HTTPS
-                else {
-                    return format!("https://{}", host_str);
-                }
-            }
-        }
-    }
-    
-    // Development fallback: try frontend base URL from env
-    if let Ok(frontend_url) = std::env::var("FRONTEND_BASE_URL") {
-        return frontend_url;
-    }
-    
-    // Final fallback
-    "http://localhost:5173".to_string()
+// Helper function to get frontend URL - always return production domain
+fn get_frontend_url(_headers: &HeaderMap) -> String {
+    "https://decenter.run".to_string()
 }
 
 #[utoipa::path(
@@ -465,6 +437,9 @@ pub async fn forgot_password(
     let frontend_base_url = get_frontend_url(&headers);
     let reset_url = format!("{}/reset-password?token={}", frontend_base_url, reset_token);
     
+    // Log for debugging
+    tracing::info!("Generated password reset URL: {} for user: {}", reset_url, user.email);
+    
     // Send password reset email
     
     if let Err(e) = state.email_service.send_password_reset_email(&user.email, &user.username, &reset_token, &reset_url) {
