Compare commits

1 Commits

Author SHA1 Message Date
Jiayuan Zhang
be8a2040f5 fix(cli): always use localhost for auth callback in browser login
When the app URL pointed to a remote private IP (e.g. 192.168.11.200),
the CLI incorrectly used that IP as the callback host. The callback
HTTP server runs on the CLI's local machine, but the browser redirect
would target the remote server's IP on a random port that isn't open
there — breaking the entire auth flow for remote self-hosted setups.

Since openBrowser() always opens the browser on the same machine as the
CLI, the callback must always target localhost.

Closes #1056
2026-04-15 14:25:28 +08:00

@@ -98,21 +98,12 @@ func runAuthLoginBrowser(cmd *cobra.Command) error {
serverURL := resolveServerURL(cmd)
appURL := resolveAppURL(cmd)
// Determine the callback host from the configured app URL.
// For self-hosted setups where the browser is on a different machine
// (e.g. Multica running on a LAN server), use the server's private IP
// so the browser can reach the CLI's local HTTP server.
// For production (public hostnames like multica.ai), keep localhost —
// the browser and CLI are on the same machine.
// The callback always targets localhost because the browser is opened on
// the same machine as the CLI (via openBrowser). Even when the Multica
// server is on a remote LAN host, the browser-side redirect must reach
// the CLI's local HTTP server, not the remote server.
callbackHost := "localhost"
bindAddr := "127.0.0.1"
if parsed, err := url.Parse(appURL); err == nil {
h := parsed.Hostname()
if ip := net.ParseIP(h); ip != nil && ip.IsPrivate() {
callbackHost = h
bindAddr = "0.0.0.0"
}
}
// Start a local HTTP server on a random port to receive the callback.
listener, err := net.Listen("tcp", bindAddr+":0")
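Review bot: callbackHost := "localhost" and bindAddr := "127.0.0.1" no longer name the same thing by construction: the listener is IPv4 loopback only, while the redirect uses a hostname the browser resolves itself and may try as ::1 first. Consider setting callbackHost to "127.0.0.1" as well, provided whatever validates the callback URL on the server side accepts it, so that the redirect target and the socket from net.Listen("tcp", bindAddr+":0") always match. With the conditional gone, both values never change after assignment, so they could be declared as constants, and appURL is worth checking for remaining uses further down in runAuthLoginBrowser. A test that runs the login flow with an app URL on a private IP and asserts the listener stays on loopback would guard against the 0.0.0.0 bind returning.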