feat(auth): expose ADMIN_EMAILS via /api/config/auth and grant SPA admin when email matches

Made-with: Cursor
This commit is contained in:
dosangyoon
2026-03-23 10:31:15 +09:00
parent ea104aef6e
commit 899cdf14d0
4 changed files with 70 additions and 11 deletions

View File

@@ -865,6 +865,18 @@
};
}
function isConfigListedAdmin(emailRaw) {
const e = String(emailRaw || "").trim().toLowerCase();
if (!e) return false;
const cfg = getAuthConfig();
const list = Array.isArray(cfg.adminEmails) ? cfg.adminEmails : [];
return list.some((x) => String(x).trim().toLowerCase() === e);
}
function resolveAuthorizedAfterSync(canManageFromServer) {
return Boolean(canManageFromServer) || isConfigListedAdmin(sessionEmail);
}
function currentUrlNoQuery() {
const u = new URL(location.href);
u.searchParams.delete("code");
@@ -932,12 +944,17 @@
}).catch(() => null);
if (r && r.ok) {
const data = await r.json().catch(() => null);
if (data && data.ok) auth.authorized = Boolean(data.canManage);
if (data && data.ok) auth.authorized = resolveAuthorizedAfterSync(data.canManage);
} else if (auth.user) {
auth.authorized = isConfigListedAdmin(sessionEmail);
}
}
} catch {
// ignore
}
if (auth.user && !auth.authorized) {
auth.authorized = isConfigListedAdmin(sessionEmail);
}
}
applyManageLock();