feat(auth): expose ADMIN_EMAILS via /api/config/auth and grant SPA admin when email matches
Made-with: Cursor
This commit is contained in:
19
index.html
19
index.html
@@ -865,6 +865,18 @@
|
||||
};
|
||||
}
|
||||
|
||||
function isConfigListedAdmin(emailRaw) {
|
||||
const e = String(emailRaw || "").trim().toLowerCase();
|
||||
if (!e) return false;
|
||||
const cfg = getAuthConfig();
|
||||
const list = Array.isArray(cfg.adminEmails) ? cfg.adminEmails : [];
|
||||
return list.some((x) => String(x).trim().toLowerCase() === e);
|
||||
}
|
||||
|
||||
function resolveAuthorizedAfterSync(canManageFromServer) {
|
||||
return Boolean(canManageFromServer) || isConfigListedAdmin(sessionEmail);
|
||||
}
|
||||
|
||||
function currentUrlNoQuery() {
|
||||
const u = new URL(location.href);
|
||||
u.searchParams.delete("code");
|
||||
@@ -932,12 +944,17 @@
|
||||
}).catch(() => null);
|
||||
if (r && r.ok) {
|
||||
const data = await r.json().catch(() => null);
|
||||
if (data && data.ok) auth.authorized = Boolean(data.canManage);
|
||||
if (data && data.ok) auth.authorized = resolveAuthorizedAfterSync(data.canManage);
|
||||
} else if (auth.user) {
|
||||
auth.authorized = isConfigListedAdmin(sessionEmail);
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// ignore
|
||||
}
|
||||
if (auth.user && !auth.authorized) {
|
||||
auth.authorized = isConfigListedAdmin(sessionEmail);
|
||||
}
|
||||
}
|
||||
|
||||
applyManageLock();
|
||||
|
||||
Reference in New Issue
Block a user