xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove admin key support; admin must be authenticated

Browse Source
This commit is contained in:
Frank Tovar
2026-02-05 17:07:37 +01:00
parent 52960a78bc
commit 6b5f8a66c9
4 changed files with 23 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Endpoints/EndpointHelpers.cs
View File

@@ -235,14 +235,10 @@ internal static class EndpointHelpers
return uri.Scheme is "http" or "https";
}
public static async Task<bool> IsAdmin(HttpContext ctx, AppDbContext db, IConfiguration config)
public static async Task<bool> IsAdmin(HttpContext ctx, AppDbContext db)
{
var player = await GetAuthenticatedPlayer(ctx, db);
if (player?.IsAdmin == true) return true;
var provided = ctx.Request.Headers["X-Admin-Key"].FirstOrDefault();
var expected = config["ADMIN_PASSWORD"];
return !string.IsNullOrWhiteSpace(expected) && provided == expected;
return player?.IsAdmin == true;
}
public static AppState NewAppState() => new()