Harden admin auth gate and remove body backdrop

Dorian
2026-05-15 18:51:10 -05:00
parent 1e73bbf2c0
commit a37ada3146
3 changed files with 54 additions and 50 deletions


@@ -352,7 +352,7 @@ const requireAdmin = (req, res) => {
return false
}
if (!isAdminPubkey(getAuthPubkey(req))) {
json(res, 403, { error: 'Admin access required.' })
json(res, 403, { error: 'This npub is not an admin. Please request access and we will authorise it if you are permissioned.' })
return false
}
return true
@@ -1093,7 +1093,7 @@ const handleApi = async (req, res) => {
if (req.method === 'GET' && url.pathname === '/api/admin/events') {
if (!adminApiEnabled()) return json(res, 404, { error: 'Admin API is disabled on this deployment.' })
const pubkey = cleanText(url.searchParams.get('pubkey'), 80).toLowerCase()
if (!isAdminPubkey(pubkey)) return json(res, 403, { error: 'Admin access required.' })
if (!isAdminPubkey(pubkey)) return json(res, 403, { error: 'This npub is not an admin. Please request access and we will authorise it if you are permissioned.' })
res.writeHead(200, {
'Content-Type': 'text/event-stream',
'Cache-Control': 'no-store',
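Review bot: The `/api/admin/events` gate in the second hunk still authorises on `url.searchParams.get('pubkey')`, a value the caller supplies, whereas `requireAdmin` in the first hunk checks `getAuthPubkey(req)`. A Nostr public key is not a secret, so unless a check outside this hunk verifies the request, the gate only establishes that the caller knows an admin's pubkey, not that they hold its key. If `getAuthPubkey` returns a verified identity (it is not visible here), the stream should use it as well: `if (!isAdminPubkey(getAuthPubkey(req))) return json(res, 403, { error: … })`. Should the browser's event-stream client be unable to send the auth header, a short-lived server-issued token would be a safer query parameter than the bare pubkey. The new 403 text is also duplicated verbatim in both hunks and would be easier to keep in sync as one shared constant; `handleApi` continues outside the hunk.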