LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(admin): fresh SSR reads, atomic user delete + sanitized errors, cookie-rotation in middleware, no-store on admin APIs

Browse Source
This commit is contained in:
Gerhard Scheikl
2026-05-31 13:15:56 +02:00
parent 61bf6c013c
commit 535b2ef202
23 changed files with 180 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/auth/admin-guard.ts
+4 -3
View File
@@ -1,7 +1,8 @@
import { redirect } from 'next/navigation';
import { NextResponse } from 'next/server';
import type { NextResponse } from 'next/server';
import type { User } from '@supabase/supabase-js';
import { createSupabaseServerClient } from '@/lib/supabase/server';
import { jsonNoStore } from '@/lib/admin/response';
export function isAdmin(user: User | null | undefined): boolean {
return user?.app_metadata?.role === 'admin';
@@ -35,13 +36,13 @@ export async function requireAdminApi(): Promise<
if (!user) {
return {
ok: false,
response: NextResponse.json({ error: 'unauthorized' }, { status: 401 }),
response: jsonNoStore({ error: 'unauthorized' }, { status: 401 }),
};
}
if (!isAdmin(user)) {
return {
ok: false,
response: NextResponse.json({ error: 'forbidden' }, { status: 403 }),
response: jsonNoStore({ error: 'forbidden' }, { status: 403 }),
};
}
return { ok: true, user };