g/ember-market-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add admin dashboard and middleware protection

Browse Source 
Introduces an admin dashboard page with cards for inviting vendors, banning users, and viewing recent orders. Adds middleware logic to restrict /admin routes to the 'admin1' user and updates route matching. Also updates git-info.json with latest commit metadata.
This commit is contained in:
NotII
2025-10-15 17:17:43 +01:00
parent 72821e586c
commit 4fb6d3f740
6 changed files with 291 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
middleware.ts
View File

@@ -52,7 +52,23 @@ export async function middleware(req: NextRequest) {
return NextResponse.redirect(new URL("/auth/login", req.url));
}
console.log("Middleware: Auth check successful, proceeding to dashboard");
console.log("Middleware: Auth check successful");
// Admin-only protection for /admin routes
const pathname = new URL(req.url).pathname;
if (pathname.startsWith('/admin')) {
try {
const user = await res.json();
const username = user?.vendor?.username;
if (username !== 'admin1') {
console.log("Middleware: Non-admin attempted to access /admin, redirecting");
return NextResponse.redirect(new URL("/dashboard", req.url));
}
} catch (e) {
console.log("Middleware: Failed to parse user for admin check, redirecting to login");
return NextResponse.redirect(new URL("/auth/login", req.url));
}
}
} catch (error) {
console.error("Authentication validation failed:", error);
return NextResponse.redirect(new URL("/auth/login", req.url));
@@ -62,5 +78,5 @@ export async function middleware(req: NextRequest) {
}
export const config = {
matcher: ["/dashboard/:path*"],
matcher: ["/dashboard/:path*", "/admin/:path*"],
};