refactor(desktop): harden OAuth redirect rewrite for host variants and self-hosters

The interceptor previously matched a strict `${HOSTED_FRONTEND_URL}/*`
prefix and did a naive String.replace, which broke whenever the backend
NEXT_FRONTEND_URL differed at all (apex vs www, http vs https, or a
self-hosted domain). Now:

- Match by host: apex + www. sibling, both http and https.
- Rewrite via URL parsing so only protocol/host change; query strings
  containing the host as a value are left intact.
- Read HOSTED_FRONTEND_URL through getHostedFrontendUrl() which honors
  a SURFSENSE_HOSTED_FRONTEND_URL_OVERRIDE env var, letting self-hosters
  point their builds at their own frontend without rebuilding.

Default behavior is identical when override is unset and backend host
matches the baked-in value.

surfsense_desktop/.env.example

@@ -5,6 +5,11 @@
 # inside the desktop app. Set to your production frontend domain.
 HOSTED_FRONTEND_URL=https://surfsense.net
 
+# Runtime override for the above (read at app start, no rebuild required).
+# Useful for self-hosters whose backend NEXT_FRONTEND_URL differs from the
+# value baked into the official desktop builds. Leave empty to use HOSTED_FRONTEND_URL.
+# SURFSENSE_HOSTED_FRONTEND_URL_OVERRIDE=
+
 # PostHog analytics (leave empty to disable)
 POSTHOG_KEY=
 POSTHOG_HOST=https://assets.surfsense.com

surfsense_desktop/src/modules/window.ts

@@ -6,9 +6,26 @@ import { getServerPort } from './server';
 import { setActiveSearchSpaceId } from './active-search-space';
 
 const isDev = !app.isPackaged;
-const HOSTED_FRONTEND_URL = process.env.HOSTED_FRONTEND_URL as string;
 const isMac = process.platform === 'darwin';
 
+function getHostedFrontendUrl(): string {
+  return (
+    process.env.SURFSENSE_HOSTED_FRONTEND_URL_OVERRIDE ||
+    process.env.HOSTED_FRONTEND_URL ||
+    'https://surfsense.net'
+  );
+}
+
+function getHostedFrontendHosts(): string[] {
+  try {
+    const host = new URL(getHostedFrontendUrl()).host;
+    const sibling = host.startsWith('www.') ? host.slice(4) : `www.${host}`;
+    return Array.from(new Set([host, sibling]));
+  } catch {
+    return [];
+  }
+}
+
 let mainWindow: BrowserWindow | null = null;
 let isQuitting = false;
 
@@ -58,11 +75,22 @@ export function createMainWindow(initialPath = '/dashboard'): BrowserWindow {
     return { action: 'deny' };
   });
 
-  const filter = { urls: [`${HOSTED_FRONTEND_URL}/*`] };
+  const hostedHosts = getHostedFrontendHosts();
-  session.defaultSession.webRequest.onBeforeRequest(filter, (details, callback) => {
+  const rewriteFilter = {
-    const rewritten = details.url.replace(HOSTED_FRONTEND_URL, `http://localhost:${getServerPort()}`);
+    urls: hostedHosts.flatMap((h) => [`http://${h}/*`, `https://${h}/*`]),
-    callback({ redirectURL: rewritten });
+  };
-  });
+  if (rewriteFilter.urls.length > 0) {
+    session.defaultSession.webRequest.onBeforeRequest(rewriteFilter, (details, callback) => {
+      try {
+        const u = new URL(details.url);
+        u.protocol = 'http:';
+        u.host = `localhost:${getServerPort()}`;
+        callback({ redirectURL: u.toString() });
+      } catch {
+        callback({});
+      }
+    });
+  }
 
   mainWindow.webContents.on('did-fail-load', (_event, errorCode, errorDescription, validatedURL) => {
     console.error(`Failed to load ${validatedURL}: ${errorDescription} (${errorCode})`);