From cdd04fe1852c3d983ece6dd34992ba31f42858df Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeff@jeffemmett.com>
Date: Thu, 19 Feb 2026 01:32:13 +0000
Subject: [PATCH] Fix EncryptID auth: add .well-known/webauthn + fix pingerName
 scope

1. WebAuthn Related Origins: rmaps.online was missing the
   .well-known/webauthn endpoint, so browsers couldn't use passkeys
   registered under RP ID "rspace.online" on rmaps.online. Added
   Next.js route handler returning { origins: ["https://rspace.online"] }.

2. Server: moved pingerName declaration before the WS message block
   (was inside the push block, causing ReferenceError on every ping).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/app/.well-known/webauthn/route.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 src/app/.well-known/webauthn/route.ts

diff --git a/src/app/.well-known/webauthn/route.ts b/src/app/.well-known/webauthn/route.ts
new file mode 100644
index 0000000..f2137f0
--- /dev/null
+++ b/src/app/.well-known/webauthn/route.ts
@@ -0,0 +1,12 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * Related Origin Requests for WebAuthn
+ * Allows passkeys registered with RP ID "rspace.online" to be used on rmaps.online
+ * See: https://passkeys.dev/docs/advanced/related-origins/
+ */
+export async function GET() {
+  return NextResponse.json({
+    origins: ['https://rspace.online'],
+  });
+}