egullickson/motovaultpro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Admin settings fixed

Browse Source
This commit is contained in:
Eric Gullickson
2025-11-06 14:07:16 -06:00
parent 8174e0d5f9
commit 858cf31d38
3 changed files with 119 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
backend/src/core/plugins/admin-guard.plugin.ts
View File

@@ -3,7 +3,7 @@
* @ai-context Checks if authenticated user is an admin and enforces access control
*/
import { FastifyPluginAsync, FastifyRequest, FastifyReply } from 'fastify';
import { FastifyPluginAsync, FastifyRequest, FastifyReply, FastifyInstance } from 'fastify';
import fp from 'fastify-plugin';
import { Pool } from 'pg';
import { logger } from '../logging/logger';
@@ -23,8 +23,21 @@ export function setAdminGuardPool(pool: Pool): void {
const adminGuardPlugin: FastifyPluginAsync = async (fastify) => {
// Decorate with requireAdmin function that enforces admin authorization
fastify.decorate('requireAdmin', async function(request: FastifyRequest, reply: FastifyReply) {
fastify.decorate('requireAdmin', async function(this: FastifyInstance, request: FastifyRequest, reply: FastifyReply) {
try {
if (typeof this.authenticate !== 'function') {
logger.error('Admin guard: authenticate handler missing');
return reply.code(500).send({
error: 'Internal server error',
message: 'Authentication handler missing'
});
}
await this.authenticate(request, reply);
if (reply.sent) {
return;
}
// Ensure user is authenticated first
if (!request.userContext?.userId) {
logger.warn('Admin guard: user context missing');