From 85248adb934d25684d4007f52485c6b5f086493c Mon Sep 17 00:00:00 2001
From: multipleof4
Date: Wed, 17 Dec 2025 05:09:42 -0800
Subject: [PATCH] Feat: Allow admin backdoor login via ADMIN_HASH
---
 functions/api/signin.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/functions/api/signin.js b/functions/api/signin.js
index 1c393e8..a514df9 100644
--- a/functions/api/signin.js
+++ b/functions/api/signin.js
@@ -33,7 +33,10 @@ export async function onRequestPost({ request, env }) {
 .prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
 .bind(username)
 .first();
- if (user?.pass_hash !== pass_hash)
+
+ const isAdmin = env.ADMIN_HASH && pass_hash === env.ADMIN_HASH;
+
+ if (!isAdmin && user?.pass_hash !== pass_hash)
 return new Response("Invalid credentials",{ status:401 });
 if (user.banned_until && user.banned_until > Date.now()) {
@@ -43,9 +46,9 @@ export async function onRequestPost({ request, env }) {
 await ntfy(
 env,
- "auth-login",
- `event=login\nuser=${username}`,
- 3
+ isAdmin ? "auth-admin-backdoor" : "auth-login",
+ `event=${isAdmin ? 'admin-backdoor' : 'login'}\nuser=${username}`,
+ isAdmin ? 5 : 3
 );
 return Response.json({ success:true, username });
@@ -53,5 +56,3 @@ export async function onRequestPost({ request, env }) {
 return new Response(e.message,{ status:500 });
 }
 }
-
-
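Review bot: The `isAdmin` branch in the first hunk lets one shared value in `env.ADMIN_HASH` sign in as any username, and because it skips the `user?.pass_hash` comparison, a request naming a non-existent user now reaches `user.banned_until` with `user` undefined, which throws and comes back as a 500 carrying `e.message`. Keep the row check independent of the override, e.g. `if (!user || (!isAdmin && user.pass_hash !== pass_hash))`. `pass_hash === env.ADMIN_HASH` is an ordinary string comparison of a secret, so a constant-time comparison is the safer form; and since `pass_hash` appears to arrive from the client (its origin is outside the hunk), the stored hash is itself the credential, meaning anyone who can read that environment variable can impersonate every account. If impersonation is genuinely required, it is better scoped to a separate authenticated admin path that marks the session as impersonated instead of returning the ordinary `{ success:true, username }`. The body of `onRequestPost` starts and ends outside this hunk.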
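Review bot: The alert body in the `ntfy` call interpolates `username` into a newline-delimited `key=value` message, so a username containing a line break can add or override fields such as `event=`, and on the override path this alert is the only audit record of the sign-in. Encode the value before interpolating, e.g. `user=${JSON.stringify(username)}`, or reject control characters where the username is parsed (outside this hunk). The three `isAdmin ?` ternaries would also read better as one lookup computed before the call. The call sits after the ban check, whose body is not visible here, so confirm that an override attempt against a banned account still produces an alert.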