feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains)
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'. - lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes) - middleware.ts: defense-in-depth /admin and /api/admin guarding - API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains - Self-lockout prevention (no self demote/ban/delete) - Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL) - admin_audit_log + reserved_subdomains migration (RLS on, service-role only) - Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
This commit is contained in:
Gerhard Scheikl
@@ -0,0 +1,48 @@
|
||||
import { redirect } from 'next/navigation';
|
||||
import { NextResponse } from 'next/server';
|
||||
import type { User } from '@supabase/supabase-js';
|
||||
import { createSupabaseServerClient } from '@/lib/supabase/server';
|
||||
|
||||
export function isAdmin(user: User | null | undefined): boolean {
|
||||
return user?.app_metadata?.role === 'admin';
|
||||
}
|
||||
|
||||
/**
|
||||
* For server components / pages. Redirects to /login if unauthenticated,
|
||||
* or /dashboard if authenticated but not an admin (does not leak /admin).
|
||||
*/
|
||||
export async function requireAdmin(): Promise<User> {
|
||||
const supabase = createSupabaseServerClient();
|
||||
const {
|
||||
data: { user },
|
||||
} = await supabase.auth.getUser();
|
||||
if (!user) redirect('/login');
|
||||
if (!isAdmin(user)) redirect('/dashboard');
|
||||
return user;
|
||||
}
|
||||
|
||||
/**
|
||||
* For route handlers. Returns the authenticated admin user, or a NextResponse
|
||||
* (401 when no session, 403 when not admin) that the caller must return.
|
||||
*/
|
||||
export async function requireAdminApi(): Promise<
|
||||
{ ok: true; user: User } | { ok: false; response: NextResponse }
|
||||
> {
|
||||
const supabase = createSupabaseServerClient();
|
||||
const {
|
||||
data: { user },
|
||||
} = await supabase.auth.getUser();
|
||||
if (!user) {
|
||||
return {
|
||||
ok: false,
|
||||
response: NextResponse.json({ error: 'unauthorized' }, { status: 401 }),
|
||||
};
|
||||
}
|
||||
if (!isAdmin(user)) {
|
||||
return {
|
||||
ok: false,
|
||||
response: NextResponse.json({ error: 'forbidden' }, { status: 403 }),
|
||||
};
|
||||
}
|
||||
return { ok: true, user };
|
||||
}
|
||||
@@ -0,0 +1,33 @@
|
||||
import type { User } from '@supabase/supabase-js';
|
||||
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
||||
|
||||
export type AuditEntry = {
|
||||
action: string;
|
||||
target_type?: string | null;
|
||||
target_id?: string | null;
|
||||
details?: Record<string, unknown>;
|
||||
};
|
||||
|
||||
/**
|
||||
* Best-effort audit logging. Never throws — a failed audit write must not
|
||||
* break the underlying admin operation.
|
||||
*/
|
||||
export async function logAdminAction(
|
||||
actor: User,
|
||||
entry: AuditEntry,
|
||||
): Promise<void> {
|
||||
try {
|
||||
const admin = getSupabaseAdmin();
|
||||
await admin.from('admin_audit_log').insert({
|
||||
actor_id: actor.id,
|
||||
actor_email: actor.email ?? null,
|
||||
action: entry.action,
|
||||
target_type: entry.target_type ?? null,
|
||||
target_id: entry.target_id ?? null,
|
||||
details: entry.details ?? {},
|
||||
});
|
||||
} catch (e) {
|
||||
// Swallow — audit failures should not surface to the client.
|
||||
console.error('[audit] failed to write audit log', e);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user