From 65ab1cbdd456b7ac2ae5c3903e635756cae20a0e Mon Sep 17 00:00:00 2001
From: Anish Sarkar <104695310+AnishSarkar22@users.noreply.github.com>
Date: Wed, 24 Jun 2026 03:55:39 +0530
Subject: [PATCH] fix(desktop):route auth deep links safely

---
 surfsense_desktop/src/main.ts               | 2 ++
 surfsense_desktop/src/modules/deep-links.ts | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/surfsense_desktop/src/main.ts b/surfsense_desktop/src/main.ts
index 632758ba8..b2c5436f3 100644
--- a/surfsense_desktop/src/main.ts
+++ b/surfsense_desktop/src/main.ts
@@ -17,6 +17,7 @@ import {
   syncAutoLaunchOnStartup,
   wasLaunchedAtLogin,
 } from './modules/auto-launch';
+import { purgeLegacyAuthCutover } from './modules/auth-cutover';
 
 registerGlobalErrorHandlers();
 app.setName('SurfSense');
@@ -29,6 +30,7 @@ registerIpcHandlers();
 
 app.whenReady().then(async () => {
   initAnalytics();
+  await purgeLegacyAuthCutover();
   const launchedAtLogin = wasLaunchedAtLogin();
   const startedHidden = shouldStartHidden();
   trackEvent('desktop_app_launched', {
diff --git a/surfsense_desktop/src/modules/deep-links.ts b/surfsense_desktop/src/modules/deep-links.ts
index d4c0da467..296cf6a48 100644
--- a/surfsense_desktop/src/modules/deep-links.ts
+++ b/surfsense_desktop/src/modules/deep-links.ts
@@ -22,8 +22,7 @@ function handleDeepLink(url: string) {
     path: parsed.pathname,
   });
   if (parsed.hostname === 'auth' && parsed.pathname === '/callback') {
-    const params = parsed.searchParams.toString();
-    win.loadURL(`${getServerOrigin()}/auth/callback?${params}`);
+    win.loadURL(`${getServerOrigin()}/dashboard`);
   }
 
   win.show();