Gerhard Scheikl
fb4880a1d9
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'. - lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes) - middleware.ts: defense-in-depth /admin and /api/admin guarding - API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains - Self-lockout prevention (no self demote/ban/delete) - Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL) - admin_audit_log + reserved_subdomains migration (RLS on, service-role only) - Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
46 lines
1.5 KiB
TypeScript
46 lines
1.5 KiB
TypeScript
import { NextResponse, type NextRequest } from 'next/server';
|
|
import { requireAdminApi } from '@/lib/auth/admin-guard';
|
|
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
|
import { parsePageParam, parsePerPageParam } from '@/lib/admin/validators';
|
|
|
|
export const runtime = 'nodejs';
|
|
export const dynamic = 'force-dynamic';
|
|
|
|
export async function GET(req: NextRequest) {
|
|
const auth = await requireAdminApi();
|
|
if (!auth.ok) return auth.response;
|
|
|
|
const url = new URL(req.url);
|
|
const page = parsePageParam(url.searchParams.get('page'), 1);
|
|
const perPage = parsePerPageParam(url.searchParams.get('perPage'), 50, 100);
|
|
const action = (url.searchParams.get('action') ?? '').trim();
|
|
const targetType = (url.searchParams.get('target_type') ?? '').trim();
|
|
|
|
const admin = getSupabaseAdmin();
|
|
|
|
let query = admin
|
|
.from('admin_audit_log')
|
|
.select(
|
|
'id, actor_id, actor_email, action, target_type, target_id, details, created_at',
|
|
{ count: 'exact' },
|
|
);
|
|
if (action) query = query.eq('action', action);
|
|
if (targetType) query = query.eq('target_type', targetType);
|
|
|
|
const from = (page - 1) * perPage;
|
|
const to = from + perPage - 1;
|
|
query = query.order('created_at', { ascending: false }).range(from, to);
|
|
|
|
const { data, error, count } = await query;
|
|
if (error) {
|
|
return NextResponse.json({ error: error.message }, { status: 500 });
|
|
}
|
|
|
|
return NextResponse.json({
|
|
entries: data ?? [],
|
|
total: count ?? (data?.length ?? 0),
|
|
page,
|
|
perPage,
|
|
});
|
|
}
|