Added security restrictions to admin count endpoint and force admin setup for testing

Muhammad Ibrahim
2025-09-21 22:31:07 +01:00
parent 5d35abe496
commit 38d299701d
2 changed files with 19 additions and 2 deletions


@@ -10,9 +10,20 @@ const { v4: uuidv4 } = require('uuid');
const router = express.Router();
const prisma = new PrismaClient();
// Check if any admin users exist (for first-time setup)
// Check if any admin users exist (for first-time setup) - INTERNAL ONLY
router.get('/check-admin-users', async (req, res) => {
try {
// Only allow this check from localhost or internal requests
const clientIP = req.ip || req.connection.remoteAddress;
const isLocalhost = clientIP === '127.0.0.1' || clientIP === '::1' || clientIP === '::ffff:127.0.0.1';
if (!isLocalhost && !req.headers.host?.includes('localhost')) {
return res.status(403).json({
error: 'Access denied - admin check only available locally',
hasAdminUsers: true // Assume admin exists for security
});
}
const adminCount = await prisma.users.count({
where: { role: 'admin' }
});
@@ -25,7 +36,7 @@ router.get('/check-admin-users', async (req, res) => {
console.error('Error checking admin users:', error);
res.status(500).json({
error: 'Failed to check admin users',
hasAdminUsers: false
hasAdminUsers: true // Assume admin exists for security
});
}
});
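Review bot: The new guard on `/check-admin-users` lets a request through when its `Host` header contains `localhost`, and that header is chosen by the client, so the `!req.headers.host?.includes('localhost')` clause undoes the restriction for any caller that is not actually local. Decide on the peer address alone: `if (!isLocalhost) {`. `req.ip` also depends on Express's `trust proxy` setting, which is not visible in these hunks; if the app runs behind a reverse proxy on the same host, every request may appear to come from 127.0.0.1, so confirm the proxy configuration before relying on this check. The handler's body continues between the two hunks, so the success path is not covered by this note.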