From 038c383bef3df52108fcba4c7e283622112d6683 Mon Sep 17 00:00:00 2001 From: chahinebrini Date: Wed, 3 Jun 2026 09:41:47 +0200 Subject: [PATCH] fix(magic): use hex for DNS token (AdGuard rejects base64url '_') MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit AdGuard validates client IDs as DNS labels: 'invalid clientid: bad hostname label rune'. base64url alphabet contains '_' which fails. Switch to hex (a-f, 0-9) — 32 bytes hex = 64 chars, 256-bit entropy, DNS-safe. --- backend/server/api/magic/register.post.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/backend/server/api/magic/register.post.ts b/backend/server/api/magic/register.post.ts index a52cdee..7ea6e0b 100644 --- a/backend/server/api/magic/register.post.ts +++ b/backend/server/api/magic/register.post.ts @@ -78,8 +78,10 @@ export default defineEventHandler(async (event) => { } } - // 3. Generiere DNS-Token (48 char base64url-safe) - const dnsToken = randomBytes(36).toString("base64url"); + // 3. Generiere DNS-Token (64 char hex) + // WICHTIG: hex statt base64url — AdGuard's clientid muss DNS-Label-konform sein, + // verbietet `_` (das base64url als Ersatz für `/` generiert) → 400 "bad hostname label rune". + const dnsToken = randomBytes(32).toString("hex"); // 4. Provisioniere AdGuard Client const adguardClientName = `magic_${deviceId}`;