From 24fbbcb01c4b0165a2072707fbea74f203f6bb01 Mon Sep 17 00:00:00 2001 From: "soroush.asadi" Date: Wed, 17 Jun 2026 00:44:57 +0330 Subject: [PATCH] fix(admin): don't prefill a fake phone on the admin login in production MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The admin login OTP tab hard-coded phone "09120000001" as the initial value. In production that placeholder belongs to no SystemAdmin, so hitting "send code" returns NOT_FOUND → 404 (which WCDN then repaints as an HTML error page) — it looked like the login endpoint was broken. Keep the convenience prefill in development only; ship an empty field in production so the admin types their real number (e.g. the registered admin phone). Co-Authored-By: Claude Opus 4.8 --- web/admin/src/app/[locale]/admin/login/page.tsx | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/web/admin/src/app/[locale]/admin/login/page.tsx b/web/admin/src/app/[locale]/admin/login/page.tsx index 3f60047..7f420c1 100644 --- a/web/admin/src/app/[locale]/admin/login/page.tsx +++ b/web/admin/src/app/[locale]/admin/login/page.tsx @@ -23,8 +23,11 @@ export default function AdminLoginPage() { const [tab, setTab] = useState("otp"); - // OTP state - const [phone, setPhone] = useState("09120000001"); + // OTP state — never prefill a real-looking phone in production; a placeholder + // number sends the OTP to a non-existent admin and returns a confusing 404. + const [phone, setPhone] = useState( + process.env.NODE_ENV === "development" ? "09120000001" : "" + ); const [code, setCode] = useState(""); const [otpStep, setOtpStep] = useState<"phone" | "otp">("phone");