4ev-link/4ev.link
1
0
Fork 0
mirror of https://github.com/4ev-link/4ev.link.git synced 2026-01-14 00:28:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat: Allow admin backdoor login via ADMIN_HASH

Browse Source
This commit is contained in:
multipleof4
2025-12-17 05:09:42 -08:00
parent 99716b7eae
commit 85248adb93
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
functions/api/signin.js
View File

@@ -33,7 +33,10 @@ export async function onRequestPost({ request, env }) {
.prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?") .prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
.bind(username) .bind(username)
.first(); .first();
if (user?.pass_hash !== pass_hash)
const isAdmin = env.ADMIN_HASH && pass_hash === env.ADMIN_HASH;
if (!isAdmin && user?.pass_hash !== pass_hash)
return new Response("Invalid credentials",{ status:401 }); return new Response("Invalid credentials",{ status:401 });
if (user.banned_until && user.banned_until > Date.now()) { if (user.banned_until && user.banned_until > Date.now()) {
@@ -43,9 +46,9 @@ export async function onRequestPost({ request, env }) {
await ntfy( await ntfy(
env, env,
"auth-login", isAdmin ? "auth-admin-backdoor" : "auth-login",
`event=login\nuser=${username}`, `event=${isAdmin ? 'admin-backdoor' : 'login'}\nuser=${username}`,
3 isAdmin ? 5 : 3
); );
return Response.json({ success:true, username }); return Response.json({ success:true, username });
@@ -53,5 +56,3 @@ export async function onRequestPost({ request, env }) {
return new Response(e.message,{ status:500 }); return new Response(e.message,{ status:500 });
} }
} }