fixing link issues

backend/.env.example

@@ -23,10 +23,10 @@ SQLITE_STORAGE=./data/luckychit.sqlite
 
 JWT_SECRET=change-me-in-production
 
-# Public draw links (/share/draw/...): origin WITHOUT /api. Optional if Nginx sends Host + X-Forwarded-Proto.
+# Public draw links: /share/draw?t=<jwt> (origin WITHOUT /api). Optional if Nginx sends Host + X-Forwarded-Proto.
 # PUBLIC_BASE_URL=https://your-domain.com
 
-# Signed tokens for /share/draw/:token — defaults to permanent links (no JWT expiry)
+# Signed tokens for /share/draw — defaults to permanent links (no JWT expiry)
 # Set to false to use SHARE_TOKEN_TTL_DAYS instead
 # SHARE_DRAW_PERMANENT_LINKS=true
 # SHARE_TOKEN_TTL_DAYS=365

backend/src/routes/publicShare.js

@@ -25,12 +25,10 @@ function formatInr(amount) {
 }
 
 /**
- * Public, unauthenticated page — opened via signed token from POST /api/share/draw-link.
+ * Render public draw page from signed JWT (same secret as POST /api/share/draw-link).
- * Anyone with the link can view draw results (no login).
+ * Token in query avoids ENAMETOOLONG / proxy issues from huge path segments.
  */
-router.get('/draw/:token', async (req, res) => {
+async function renderDrawSharePage(req, res, token) {
-  try {
-    const { token } = req.params;
   const shareSecret = process.env.SHARE_TOKEN_SECRET || process.env.JWT_SECRET;
   if (!shareSecret) {
     return res.status(500).send('Share is not configured.');
@@ -139,6 +137,37 @@ router.get('/draw/:token', async (req, res) => {
   res.setHeader('Content-Type', 'text/html; charset=utf-8');
   res.setHeader('Cache-Control', 'public, max-age=300');
   return res.status(200).send(html);
+}
+
+/**
+ * Preferred: GET /share/draw?t=<jwt> — short path; avoids ENAMETOOLONG behind Nginx/static rules.
+ */
+router.get('/draw', async (req, res) => {
+  try {
+    const raw = req.query.t ?? req.query.token;
+    const token = typeof raw === 'string' ? raw.trim() : '';
+    if (!token) {
+      return res
+        .status(400)
+        .send('Missing token. Use the full link from WhatsApp (it should include ?t=…).');
+    }
+    return await renderDrawSharePage(req, res, token);
+  } catch (error) {
+    console.error('Public draw share error:', error);
+    return res.status(500).send('Server error.');
+  }
+});
+
+/**
+ * Legacy: GET /share/draw/:token — may fail on some hosts (path segment too long → ENAMETOOLONG).
+ */
+router.get('/draw/:token', async (req, res) => {
+  try {
+    const token = String(req.params.token || '').trim();
+    if (!token) {
+      return res.status(400).send('Missing token.');
+    }
+    return await renderDrawSharePage(req, res, token);
   } catch (error) {
     console.error('Public draw share error:', error);
     return res.status(500).send('Server error.');

backend/src/routes/share.js

@@ -159,7 +159,8 @@ router.post('/draw-link', auth, requireManager, async (req, res) => {
           'PUBLIC_BASE_URL not configured (set to your site origin without /api, e.g. https://chitfund.deepteklabs.com)'
       });
     }
-    const shareUrl = `${publicBaseUrl}/share/draw/${token}`;
+    // Query param keeps URL path short (avoids ENAMETOOLONG / static-file lookup on long JWT paths).
+    const shareUrl = `${publicBaseUrl}/share/draw?t=${encodeURIComponent(token)}`;
 
     const message = WhatsAppHelper.generateDrawResult(
       draw.ChitGroup,