4ev-link/4ev.link
1
0
Fork 0
mirror of https://github.com/4ev-link/4ev.link.git synced 2026-01-13 16:18:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat: Allow admin backdoor login via ADMIN_HASH

Browse Source
This commit is contained in:
multipleof4
2025-12-17 05:09:42 -08:00
parent 99716b7eae
commit 85248adb93
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
functions/api/signin.js
View File

@@ -33,7 +33,10 @@ export async function onRequestPost({ request, env }) {
.prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
.bind(username)
.first();
if (user?.pass_hash !== pass_hash)
const isAdmin = env.ADMIN_HASH && pass_hash === env.ADMIN_HASH;
if (!isAdmin && user?.pass_hash !== pass_hash)
return new Response("Invalid credentials",{ status:401 });
if (user.banned_until && user.banned_until > Date.now()) {
@@ -43,9 +46,9 @@ export async function onRequestPost({ request, env }) {
await ntfy(
env,
"auth-login",
`event=login\nuser=${username}`,
3
isAdmin ? "auth-admin-backdoor" : "auth-login",
`event=${isAdmin ? 'admin-backdoor' : 'login'}\nuser=${username}`,
isAdmin ? 5 : 3
);
return Response.json({ success:true, username });
@@ -53,5 +56,3 @@ export async function onRequestPost({ request, env }) {
return new Response(e.message,{ status:500 });
}
}