From 899d89ea13a33ef86010c453f96f1074e4618329 Mon Sep 17 00:00:00 2001
From: Ildar Nurislamov <absorbb@gmail.com>
Date: Tue, 19 Dec 2023 11:50:25 +0400
Subject: [PATCH] console: allow caddy issue certs for slug subdomains

---
 webapps/console/pages/api/admin/domains.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/webapps/console/pages/api/admin/domains.ts b/webapps/console/pages/api/admin/domains.ts
index 88899b2bc..6cd692876 100644
--- a/webapps/console/pages/api/admin/domains.ts
+++ b/webapps/console/pages/api/admin/domains.ts
@@ -2,6 +2,8 @@ import { Api, nextJsApiHandler } from "../../../lib/api";
 import { db } from "../../../lib/server/db";
 import { ApiError } from "../../../lib/shared/errors";
 
+//For Caddy to allow issuing certificates for a domain, it must be present in the domains array of a stream object.
+//or it must be a subdomain of the data domain
 export const api: Api = {
   GET: {
     auth: false,
@@ -14,6 +16,11 @@ export const api: Api = {
       if (!domain) {
         throw new ApiError("missing required parameter", {}, { status: 400 });
       }
+      const dataDomain = process.env.DATA_DOMAIN;
+      if (domain === dataDomain || domain.endsWith("." + dataDomain)) {
+        //data domain and subdomains are always allowed
+        return;
+      }
       const stream = await db.prisma().configurationObject.findFirst({
         where: {
           type: "stream",