Gerhard Scheikl
fb4880a1d9
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'. - lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes) - middleware.ts: defense-in-depth /admin and /api/admin guarding - API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains - Self-lockout prevention (no self demote/ban/delete) - Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL) - admin_audit_log + reserved_subdomains migration (RLS on, service-role only) - Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
32 lines
833 B
TypeScript
32 lines
833 B
TypeScript
import Link from 'next/link';
|
|
import { requireAdmin } from '@/lib/auth/admin-guard';
|
|
import { AdminNav } from './admin-nav';
|
|
|
|
export const dynamic = 'force-dynamic';
|
|
|
|
export default async function AdminLayout({
|
|
children,
|
|
}: {
|
|
children: React.ReactNode;
|
|
}) {
|
|
const user = await requireAdmin();
|
|
|
|
return (
|
|
<div className="admin-shell">
|
|
<aside className="admin-sidebar">
|
|
<div className="admin-brand">Admin</div>
|
|
<AdminNav />
|
|
<div className="admin-sidebar-footer">
|
|
<div className="muted" style={{ wordBreak: 'break-all' }}>
|
|
{user.email}
|
|
</div>
|
|
<Link href="/dashboard" className="admin-back">
|
|
← Back to dashboard
|
|
</Link>
|
|
</div>
|
|
</aside>
|
|
<section className="admin-content">{children}</section>
|
|
</div>
|
|
);
|
|
}
|