Fix: Replace z.httpUrl() with z.url() for localhost compatibility #249

Open
taheerahmed wants to merge 1 commit into e2b-dev:main from taheerahmed:fix/zod-localhost-validation

@taheerahmed

Summary

  • Replaces z.httpUrl() with z.url() in the auth confirm route and shared ConfirmEmailInputSchema
  • z.httpUrl() rejects localhost URLs, causing Zod validation errors during local development email verification
  • z.url() validates URL structure while accepting localhost — production URLs (https://e2b.dev/...) continue to pass

Why this is safe

The Zod schema is only responsible for validating that next is a syntactically valid URL. The actual redirect security is handled downstream:

  • isExternalOrigin() checks reject or reroute requests with a different origin
  • buildRedirectUrl() reconstructs the redirect using the dashboard's own origin, only preserving pathname and search params

So switching from z.httpUrl() to z.url() does not weaken security.

Validation

| URL | z.httpUrl() (before) | z.url() (after) |
| --- | --- | --- |
| http://localhost:3000/dashboard | FAIL | PASS |
| https://e2b.dev/dashboard | PASS | PASS |
| not-a-url | FAIL | FAIL |
| (empty) | FAIL | FAIL |

Files changed

  • src/server/api/models/auth.models.ts: ConfirmEmailInputSchema.next
  • src/app/api/auth/confirm/route.ts: confirmSchema.next

Closes #241
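
The downstream checks described under "Why this is safe", sketched as an added example (not code from this PR or the e2b repository): `safeRedirectTarget`, `DASHBOARD_ORIGIN` and the sample inputs are hypothetical. It shows why a `next` value that passes a structure-only URL check still needs a scheme check and an origin check before it is used as a redirect target.

```javascript
// Added example: hypothetical names, not the e2b dashboard's implementation.
const DASHBOARD_ORIGIN = "http://localhost:3000"; // assumed local-development origin

// Returns a redirect target on the dashboard's own origin, or the fallback
// when `next` is missing, malformed, non-http(s), or points at another origin.
function safeRedirectTarget(next, ownOrigin = DASHBOARD_ORIGIN, fallback = "/dashboard") {
  const fallbackUrl = new URL(fallback, ownOrigin).toString();
  let parsed;
  try {
    parsed = new URL(next); // absolute URLs only, like a schema-level URL check
  } catch {
    return fallbackUrl; // "not-a-url", empty string, undefined
  }
  // A structurally valid URL can still carry a scheme that must never be followed.
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return fallbackUrl;
  // Origin is scheme + host + port; userinfo before "@" does not change the host.
  if (parsed.origin !== new URL(ownOrigin).origin) return fallbackUrl;
  // Rebuild from our own origin and copy only pathname and search (hash is dropped).
  const rebuilt = new URL(ownOrigin);
  rebuilt.pathname = parsed.pathname;
  rebuilt.search = parsed.search;
  return rebuilt.toString();
}

// Constructed sample inputs covering the cases in the validation table plus
// values that a structure-only check lets through.
function checkSamples() {
  const samples = [
    "http://localhost:3000/dashboard?tab=keys#frag",
    "https://example.com/dashboard",
    "http://localhost:3000@example.com/dashboard",
    "javascript:void(0)",
    "not-a-url",
    "",
  ];
  return samples.map((next) => ({ next, target: safeRedirectTarget(next) }));
}

for (const { next, target } of checkSamples()) {
  console.log(JSON.stringify(next), "->", target);
}
```
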

vercel bot commented Feb 25, 2026

@taheerahmed is attempting to deploy a commit to the E2B Team on Vercel.

A member of the Team first needs to authorize it.

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e30060e057

…ocalhost compatibility

z.httpUrl() rejects localhost URLs, causing Zod validation errors
during local development when verifying email. z.url() with a protocol
constraint still restricts to http/https while accepting localhost.
Existing isExternalOrigin checks already handle redirect security.

Closes e2b-dev#241

taheerahmed force-pushed the fix/zod-localhost-validation branch from e30060e to 14a91a3 on February 25, 2026 22:03
Development

Successfully merging this pull request may close these issues.

[Bug]: Zod validation error
