fix: add admin

2026-02-14 10:14:49 +01:00
parent 2e02d6d763
commit f2b690f3f5
86 changed files with 1057 additions and 1939 deletions
--- a/server/middleware/adminAuth.ts
+++ b/server/middleware/adminAuth.ts
@@ -0,0 +1,33 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+
+function getSecret(): string {
+  return useRuntimeConfig().adminPassword || "changeme";
+}
+
+export function signToken(payload: string): string {
+  return createHmac("sha256", getSecret()).update(payload).digest("hex");
+}
+
+export function verifyToken(payload: string, signature: string): boolean {
+  const expected = signToken(payload);
+  try {
+    return timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
+  } catch {
+    return false;
+  }
+}
+
+export default defineEventHandler((event) => {
+  const path = getRequestURL(event).pathname;
+  if (!path.startsWith("/api/admin/") || path === "/api/admin/login") return;
+
+  const cookie = getCookie(event, "admin-session");
+  if (!cookie) {
+    throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
+  }
+
+  const [payload, signature] = cookie.split(".");
+  if (!payload || !signature || !verifyToken(payload, signature)) {
+    throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
+  }
+});