proyectos/simplenote-web
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: adminOnly checks isAdmin flag from stored tokens

Browse Source
This commit is contained in:
Hiro
2026-03-28 03:37:43 +00:00
parent 08a88b5e06
commit 75f67c0b11
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/middleware/auth.js
View File

@@ -36,7 +36,7 @@ export async function authMiddleware(req, res, next) {
req.token = token; req.token = token;
req.tokenLabel = validToken.label; req.tokenLabel = validToken.label;
req.isAdmin = token === config.adminToken; req.isAdmin = validToken.isAdmin === true || token === config.adminToken;
next(); next();
} catch (err) { } catch (err) {
if (err instanceof UnauthorizedError) { if (err instanceof UnauthorizedError) {

2
src/routes/auth.js
View File

@@ -48,7 +48,7 @@ router.post('/token', authMiddleware, adminOnly, async (req, res) => {
const token = `snk_${generateId().replace(/-/g, '')}`; const token = `snk_${generateId().replace(/-/g, '')}`;
const now = new Date().toISOString(); const now = new Date().toISOString();
tokens.tokens.push({ token, label, createdAt: now }); tokens.tokens.push({ token, label, isAdmin: true, createdAt: now });
writeTokens(tokens); writeTokens(tokens);
res.status(201).json({ token, label, createdAt: now }); res.status(201).json({ token, label, createdAt: now });