From 33026a6ecd97c4c087848f6eb30f5c73963cc88b Mon Sep 17 00:00:00 2001
From: Mike Johnston <mike@nervesocket.com>
Date: Fri, 30 Jan 2026 22:32:45 -0500
Subject: [PATCH] fix domain

---
 backend/src/routes/admin.js  | 5 +----
 frontend/src/pages/Admin.jsx | 4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/backend/src/routes/admin.js b/backend/src/routes/admin.js
index 5a80b93..bdf918c 100644
--- a/backend/src/routes/admin.js
+++ b/backend/src/routes/admin.js
@@ -50,12 +50,9 @@ router.post('/generate-reset-token', verifyToken, requireAdmin, asyncHandler(asy
     [userId, token, req.user.userId, expiresAt]
   );
 
-  // Generate reset URL
-  const resetUrl = `${process.env.FRONTEND_URL || 'http://localhost:5173'}/reset-password/${token}`;
-
   res.json({
     success: true,
-    resetUrl,
+    token,
     user: {
       id: user.id,
       username: user.username,
diff --git a/frontend/src/pages/Admin.jsx b/frontend/src/pages/Admin.jsx
index 867df26..0582692 100644
--- a/frontend/src/pages/Admin.jsx
+++ b/frontend/src/pages/Admin.jsx
@@ -40,8 +40,10 @@ function Admin() {
   const handleGenerateResetToken = async (userId) => {
     try {
       const data = await api.generateResetToken(userId);
+      // Build URL using current domain (works in dev and prod)
+      const resetUrl = `${window.location.origin}/reset-password/${data.token}`;
       setGeneratedUrl({
-        url: data.resetUrl,
+        url: resetUrl,
         user: data.user,
         expiresAt: data.expiresAt
       });