From 6b77a96d52941c4a4153b8224df272837485edbe Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sat, 25 Apr 2026 16:34:00 +0200
Subject: [PATCH] fix: handle special characters in passwords during setup

- Logto entrypoint builds DB_URL from PG_USER/PG_PASSWORD/PG_HOST with
  URL-encoding via node's encodeURIComponent, instead of embedding the
  raw password in the connection string
- Installer submodule updated: passwords single-quoted in .env/.conf

Fixes SMTP and DB auth failures when passwords contain $, &, ;, [, etc.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker/cameleer-logto/logto-entrypoint.sh | 8 ++++++++
 installer                                 | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docker/cameleer-logto/logto-entrypoint.sh b/docker/cameleer-logto/logto-entrypoint.sh
index 98ece84..3cbecd5 100644
--- a/docker/cameleer-logto/logto-entrypoint.sh
+++ b/docker/cameleer-logto/logto-entrypoint.sh
@@ -1,6 +1,14 @@
 #!/bin/sh
 set -e
 
+# Build DB_URL from individual env vars so passwords with special characters
+# are properly URL-encoded (Logto only accepts a connection string)
+if [ -z "$DB_URL" ]; then
+  ENCODED_PW=$(node -e "process.stdout.write(encodeURIComponent(process.env.PG_PASSWORD || ''))")
+  export DB_URL="postgres://${PG_USER:-cameleer}:${ENCODED_PW}@${PG_HOST:-localhost}:5432/logto"
+  echo "[entrypoint] Built DB_URL from PG_USER/PG_PASSWORD/PG_HOST"
+fi
+
 # Save the real public endpoints for after bootstrap
 REAL_ENDPOINT="$ENDPOINT"
 REAL_ADMIN_ENDPOINT="$ADMIN_ENDPOINT"
diff --git a/installer b/installer
index 528c6d1..4380aa7 160000
--- a/installer
+++ b/installer
@@ -1 +1 @@
-Subproject commit 528c6d1980c884123bddd92dcb5d2bbb72f05339
+Subproject commit 4380aa790d2cfdc228fac0fd40ba80ec691a0ce7