Harden admin auth gate and remove body backdrop
This commit is contained in:
@@ -352,7 +352,7 @@ const requireAdmin = (req, res) => {
|
||||
return false
|
||||
}
|
||||
if (!isAdminPubkey(getAuthPubkey(req))) {
|
||||
json(res, 403, { error: 'Admin access required.' })
|
||||
json(res, 403, { error: 'This npub is not an admin. Please request access and we will authorise it if you are permissioned.' })
|
||||
return false
|
||||
}
|
||||
return true
|
||||
@@ -1093,7 +1093,7 @@ const handleApi = async (req, res) => {
|
||||
if (req.method === 'GET' && url.pathname === '/api/admin/events') {
|
||||
if (!adminApiEnabled()) return json(res, 404, { error: 'Admin API is disabled on this deployment.' })
|
||||
const pubkey = cleanText(url.searchParams.get('pubkey'), 80).toLowerCase()
|
||||
if (!isAdminPubkey(pubkey)) return json(res, 403, { error: 'Admin access required.' })
|
||||
if (!isAdminPubkey(pubkey)) return json(res, 403, { error: 'This npub is not an admin. Please request access and we will authorise it if you are permissioned.' })
|
||||
res.writeHead(200, {
|
||||
'Content-Type': 'text/event-stream',
|
||||
'Cache-Control': 'no-store',
|
||||
|
||||
Reference in New Issue
Block a user