Added security restrictions to admin count endpoint and force admin setup for testing

This commit is contained in:
Muhammad Ibrahim
2025-09-21 22:31:07 +01:00
parent 5d35abe496
commit 38d299701d
2 changed files with 19 additions and 2 deletions


@@ -10,9 +10,20 @@ const { v4: uuidv4 } = require('uuid');
const router = express.Router(); const router = express.Router();
const prisma = new PrismaClient(); const prisma = new PrismaClient();
// Check if any admin users exist (for first-time setup) // Check if any admin users exist (for first-time setup) - INTERNAL ONLY
router.get('/check-admin-users', async (req, res) => { router.get('/check-admin-users', async (req, res) => {
try { try {
// Only allow this check from localhost or internal requests
const clientIP = req.ip || req.connection.remoteAddress;
const isLocalhost = clientIP === '127.0.0.1' || clientIP === '::1' || clientIP === '::ffff:127.0.0.1';
if (!isLocalhost && !req.headers.host?.includes('localhost')) {
return res.status(403).json({
error: 'Access denied - admin check only available locally',
hasAdminUsers: true // Assume admin exists for security
});
}
const adminCount = await prisma.users.count({ const adminCount = await prisma.users.count({
where: { role: 'admin' } where: { role: 'admin' }
}); });
@@ -25,7 +36,7 @@ router.get('/check-admin-users', async (req, res) => {
console.error('Error checking admin users:', error); console.error('Error checking admin users:', error);
res.status(500).json({ res.status(500).json({
error: 'Failed to check admin users', error: 'Failed to check admin users',
hasAdminUsers: false hasAdminUsers: true // Assume admin exists for security
}); });
} }
}); });
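Review bot: The `req.headers.host?.includes('localhost')` escape hatch on the new `if` line makes the localhost restriction bypassable, because the Host header is supplied by the client — a remote caller can send `Host: localhost` (or any host containing that substring) and pass straight through to the admin count. Drop the header clause so only the address decides, `if (!isLocalhost) {`, and be aware that `req.ip` is only trustworthy behind a reverse proxy when Express's `trust proxy` is configured and the proxy overwrites `X-Forwarded-For`; otherwise either every proxied request looks local, or an attacker-supplied header can. The `hasAdminUsers: true` placed in the 403 body is ignored by the client side of this same commit, which treats any non-OK response as "setup needed", so the fail-closed intent is not enforced end to end. The handler's remaining body (the count result and success response) lies between the two hunks, outside this view.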


@@ -17,6 +17,10 @@ export const AuthProvider = ({ children }) => {
const [isLoading, setIsLoading] = useState(true) const [isLoading, setIsLoading] = useState(true)
const [permissionsLoading, setPermissionsLoading] = useState(false) const [permissionsLoading, setPermissionsLoading] = useState(false)
const [needsFirstTimeSetup, setNeedsFirstTimeSetup] = useState(false) const [needsFirstTimeSetup, setNeedsFirstTimeSetup] = useState(false)
// TEMPORARY DEBUG: Force admin setup for testing
// Remove this line after debugging
setNeedsFirstTimeSetup(true)
const [checkingSetup, setCheckingSetup] = useState(true) const [checkingSetup, setCheckingSetup] = useState(true)
// Initialize auth state from localStorage // Initialize auth state from localStorage
@@ -231,8 +235,10 @@ export const AuthProvider = ({ children }) => {
if (response.ok) { if (response.ok) {
const data = await response.json() const data = await response.json()
console.log('Admin check response:', data) // Debug log
setNeedsFirstTimeSetup(!data.hasAdminUsers) setNeedsFirstTimeSetup(!data.hasAdminUsers)
} else { } else {
console.log('Admin check failed:', response.status, response.statusText) // Debug log
// If endpoint doesn't exist or fails, assume setup is needed // If endpoint doesn't exist or fails, assume setup is needed
setNeedsFirstTimeSetup(true) setNeedsFirstTimeSetup(true)
} }
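Review bot: The unconditional `setNeedsFirstTimeSetup(true)` at component scope (just before `checkingSetup` is declared) is a state update during render, which React rejects with "Too many re-renders" for this component, and even if it did render it would put every visitor into the admin-creation flow regardless of whether an admin exists — a debug override like this should not be committed. Remove the three debug lines, and in the `else` branch below, which now also receives the server's new 403, fail closed with `setNeedsFirstTimeSetup(false)` so a non-OK response never opens the setup flow (the comment `// If endpoint doesn't exist or fails, assume setup is needed` should flip to say the opposite). Whether showing the setup UI actually lets a remote user create an admin depends on the setup endpoint itself, which is not part of this commit. The two `console.log` debug lines also print the admin-check response to the browser console and should go with the rest of the debugging. Both hunks sit inside `AuthProvider`, whose body starts and ends outside this view.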