From 130d867c45c74021e9cfe18d04a92424b3a7df9a Mon Sep 17 00:00:00 2001
From: "soroush.asadi" <soroush.asadi@aliasaas.com>
Date: Wed, 17 Jun 2026 00:28:01 +0330
Subject: [PATCH] diag: admin send-otp 404

---
 .gitea/workflows/diag.yml | 50 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .gitea/workflows/diag.yml

diff --git a/.gitea/workflows/diag.yml b/.gitea/workflows/diag.yml
new file mode 100644
index 0000000..ecc2824
--- /dev/null
+++ b/.gitea/workflows/diag.yml
@@ -0,0 +1,50 @@
+name: Diag
+on:
+  push:
+    branches: [diag/admin-otp]
+jobs:
+  otp:
+    name: "Diag · admin send-otp 404"
+    runs-on: self-hosted
+    timeout-minutes: 6
+    env:
+      PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+    steps:
+      - name: CDN vs origin for POST
+        run: |
+          set -eu
+          probe() { # $1=label $2=method $3=url
+            echo "--- $1: $2 $3 ---"
+            curl -sk -o /tmp/body -D /tmp/hdr -X "$2" "$3" \
+              -H 'content-type: application/json' -H 'origin: https://admin.meezi.ir' \
+              --data '{"phoneNumber":"09120000000"}' --max-time 15 \
+              -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed"
+            grep -iE '^(server|wcdn-status|wcdn-nfc-reason|content-type):' /tmp/hdr | sed 's/^/  hdr: /' || true
+            echo "  body(head): $(head -c 160 /tmp/body | tr -d '\n')"
+            echo ""
+          }
+          echo "### Through public DNS (same path as the browser / WCDN edge) ###"
+          probe "ADMIN-API send-otp" POST  "https://admin-api.meezi.ir/api/admin/auth/send-otp"
+          probe "ADMIN-API send-otp GET" GET "https://admin-api.meezi.ir/api/admin/auth/send-otp"
+          probe "MAIN-API send-otp"  POST  "https://api.meezi.ir/api/auth/send-otp"
+
+          echo "### Bypass WCDN — hit the origin Caddy directly on the host ###"
+          # find the caddy/proxy container and its host-published 443, else use container IP
+          docker ps --format '{{.Names}}  {{.Image}}  {{.Ports}}' | grep -iE 'caddy|proxy|nginx|traefik' || true
+          CADDY=$(docker ps --format '{{.Names}}' | grep -iE 'caddy|proxy' | head -1 || true)
+          echo "caddy=$CADDY"
+          if [ -n "$CADDY" ]; then
+            IP=$(docker inspect "$CADDY" --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' | awk '{print $1}')
+            echo "caddy ip=$IP"
+            echo "--- ORIGIN admin-api POST (via --resolve to caddy) ---"
+            curl -sk -o /tmp/b2 -D /tmp/h2 -X POST "https://admin-api.meezi.ir/api/admin/auth/send-otp" \
+              --resolve "admin-api.meezi.ir:443:$IP" -H 'content-type: application/json' \
+              --data '{"phoneNumber":"09120000000"}' --max-time 15 \
+              -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed"
+            grep -iE '^(server|content-type):' /tmp/h2 | sed 's/^/  hdr: /' || true
+            echo "  body(head): $(head -c 200 /tmp/b2 | tr -d '\n')"
+          fi
+          echo ""
+          echo "### admin-api container + did the POST reach the app? ###"
+          docker inspect meezi-admin-api --format 'state={{.State.Status}} restarts={{.RestartCount}} started={{.State.StartedAt}}' || true
+          docker logs meezi-admin-api --since 8m 2>&1 | grep -iE 'send-otp|auth' | tail -15 || echo "(no send-otp lines in admin-api logs → request never reached it)"