Gerhard Scheikl
fb4880a1d9
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'. - lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes) - middleware.ts: defense-in-depth /admin and /api/admin guarding - API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains - Self-lockout prevention (no self demote/ban/delete) - Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL) - admin_audit_log + reserved_subdomains migration (RLS on, service-role only) - Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
34 lines
944 B
TypeScript
34 lines
944 B
TypeScript
import type { User } from '@supabase/supabase-js';
|
|
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
|
|
|
export type AuditEntry = {
|
|
action: string;
|
|
target_type?: string | null;
|
|
target_id?: string | null;
|
|
details?: Record<string, unknown>;
|
|
};
|
|
|
|
/**
|
|
* Best-effort audit logging. Never throws — a failed audit write must not
|
|
* break the underlying admin operation.
|
|
*/
|
|
export async function logAdminAction(
|
|
actor: User,
|
|
entry: AuditEntry,
|
|
): Promise<void> {
|
|
try {
|
|
const admin = getSupabaseAdmin();
|
|
await admin.from('admin_audit_log').insert({
|
|
actor_id: actor.id,
|
|
actor_email: actor.email ?? null,
|
|
action: entry.action,
|
|
target_type: entry.target_type ?? null,
|
|
target_id: entry.target_id ?? null,
|
|
details: entry.details ?? {},
|
|
});
|
|
} catch (e) {
|
|
// Swallow — audit failures should not surface to the client.
|
|
console.error('[audit] failed to write audit log', e);
|
|
}
|
|
}
|