From dcfe9c48d7cc694c3b8247fa3d0f135718944b59 Mon Sep 17 00:00:00 2001
From: Zicklag
Date: Fri, 20 Dec 2024 09:10:30 -0600
Subject: [PATCH] fix: generate wildcard certificates for public suffixes in traefik. This will allow us to show proper 404 pages with valid certs for unregistered user subdomains.
---
 .../(internal)/__internal__/traefik-config/+server.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/routes/(internal)/__internal__/traefik-config/+server.ts b/src/routes/(internal)/__internal__/traefik-config/+server.ts
index a43cd29..af8645d 100644
--- a/src/routes/(internal)/__internal__/traefik-config/+server.ts
+++ b/src/routes/(internal)/__internal__/traefik-config/+server.ts
@@ -1,13 +1,17 @@
 import { env } from '$env/dynamic/private';
+import { env as pubenv } from '$env/dynamic/public';
 import { usernames } from '$lib/usernames/index';
 import { json, type RequestHandler } from '@sveltejs/kit';
 export const GET: RequestHandler = async () => {
 try {
- const domains: string[] = [];
+ const domains: Set = new Set();
+ domains.add('*.' + pubenv.PUBLIC_USER_DOMAIN_PARENT);
 for await (const user of usernames.list()) {
 if (user.username) {
- domains.push(user.username);
+ if (!user.username.endsWith(pubenv.PUBLIC_USER_DOMAIN_PARENT)) {
+ domains.add(user.username);
+ }
 }
 }
@@ -15,7 +19,7 @@ export const GET: RequestHandler = async () => {
 [key: string]: { rule: string; tls?: { certResolver: string }; service: string };
 } = {};
 for (const domain of domains) {
- const routerName = `${env.TRAEFIK_CONFIG_NAMESPACE}-rtr-${domain.replaceAll('.', '-')}`;
+ const routerName = `${env.TRAEFIK_CONFIG_NAMESPACE}-rtr-${domain.replaceAll(/[^a-zA-Z0-9]/g, '-')}`;
 routers[routerName] = {
 rule: `Host(\`${domain}\`)`,
 service: env.TRAEFIK_CONFIG_SERVICE_NAME,
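Review bot: The added `endsWith(pubenv.PUBLIC_USER_DOMAIN_PARENT)` filter matches on a raw string suffix rather than a label boundary, so with a parent of `example.com` (constructed value) a custom domain such as `notexample.com` is also dropped and ends up with no router or certificate of its own. Compare against the dotted form instead: `if (!user.username.endsWith('.' + pubenv.PUBLIC_USER_DOMAIN_PARENT)) {`. Neither added line handles the variable being unset: the wildcard entry becomes `*.undefined` and `endsWith(undefined)` compares against the literal string "undefined", so nothing is filtered. A guard such as `if (!pubenv.PUBLIC_USER_DOMAIN_PARENT) throw new Error('PUBLIC_USER_DOMAIN_PARENT is not set');` before the `domains.add` call would fail closed; the handler's body continues past the hunk, so how that error is reported is not visible here.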
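Review bot: Router names produced by the new `routerName` line are not unique per domain: every non-alphanumeric character collapses to `-`, so `a-b.example.com` and `a.b.example.com` (constructed examples) yield the same key and the later one silently replaces the earlier entry in `routers`. If the values returned by `usernames.list()` include user-chosen custom domains, which the hunk suggests but does not show, one account's entry could displace another's. Check before assigning, e.g. `if (routerName in routers) { console.warn('router name collision', domain); continue; }`, or add a short digest of `domain` to the name. The wildcard entry also flows into the unchanged `Host(...)` rule, so it is worth confirming that the deployed Traefik version matches and issues a certificate for a `*.` host there rather than needing `HostRegexp` with an explicit `tls.domains` entry. The loop body continues outside the hunk.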