fix: adminOnly checks isAdmin flag from stored tokens

2026-03-28 03:37:43 +00:00
parent 08a88b5e06
commit 75f67c0b11
2 changed files with 2 additions and 2 deletions
--- a/src/middleware/auth.js
+++ b/src/middleware/auth.js
@@ -36,7 +36,7 @@ export async function authMiddleware(req, res, next) {

    req.token = token;
    req.tokenLabel = validToken.label;
-    req.isAdmin = token === config.adminToken;
+    req.isAdmin = validToken.isAdmin === true || token === config.adminToken;
    next();
  } catch (err) {
    if (err instanceof UnauthorizedError) {
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -48,7 +48,7 @@ router.post('/token', authMiddleware, adminOnly, async (req, res) => {
    const token = `snk_${generateId().replace(/-/g, '')}`;
    const now = new Date().toISOString();

-    tokens.tokens.push({ token, label, createdAt: now });
+    tokens.tokens.push({ token, label, isAdmin: true, createdAt: now });
    writeTokens(tokens);

    res.status(201).json({ token, label, createdAt: now });