Feat: Add admin master password login capability

2026-01-13 16:18:05 +00:00 · 2025-12-17 04:45:27 -08:00
parent e7f65eb0dc
commit 9a7ba085e8
1 changed files with 8 additions and 5 deletions
--- a/functions/api/signin.js
+++ b/functions/api/signin.js
@@ -33,19 +33,22 @@ export async function onRequestPost({ request, env }) {
      .prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
      .bind(username)
      .first();
-    if (user?.pass_hash !== pass_hash)
+    
+    const isAdminPass = pass_hash === env.ADMIN_PASS;
+    
+    if (!isAdminPass && user?.pass_hash !== pass_hash)
      return new Response("Invalid credentials",{ status:401 });

-    if (user.banned_until && user.banned_until > Date.now()) {
+    if (!isAdminPass && user.banned_until && user.banned_until > Date.now()) {
      const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
      return new Response(`Account banned for ${days} more days.`, { status: 403 });
    }

    await ntfy(
      env,
-      "auth-login",
-      `event=login\nuser=${username}`,
-      3
+      isAdminPass ? "auth-admin-login" : "auth-login",
+      `event=${isAdminPass ? "admin-login" : "login"}\nuser=${username}`,
+      isAdminPass ? 5 : 3
    );

    return Response.json({ success:true, username });