feat: implement one-time admin token generation and upgrade process
This commit is contained in:
30
src/app/actions/set-user-admin.ts
Normal file
30
src/app/actions/set-user-admin.ts
Normal file
@@ -0,0 +1,30 @@
|
||||
'use server';
|
||||
|
||||
import { auth } from '@/lib/auth';
|
||||
import db from '@/lib/db';
|
||||
import { user } from '@/lib/model/auth-schema';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { headers } from 'next/headers';
|
||||
import { verifyAdminToken } from './verify-admin-token';
|
||||
|
||||
export async function setUserAsAdmin(email: string, adminToken: string): Promise<{ success: boolean; error?: string }> {
|
||||
// Verify the token is valid
|
||||
const tokenResult = await verifyAdminToken(adminToken);
|
||||
|
||||
if (!tokenResult.valid) {
|
||||
return { success: false, error: 'Invalid or expired admin token' };
|
||||
}
|
||||
|
||||
try {
|
||||
// Update user admin flag
|
||||
await db.update(user).set({ admin: true }).where(eq(user.email, email));
|
||||
|
||||
// Clear the token so it can't be used again
|
||||
delete process.env.ADMIN_SIGNUP_TOKEN;
|
||||
|
||||
return { success: true };
|
||||
} catch (error) {
|
||||
console.error('Error setting admin:', error);
|
||||
return { success: false, error: 'Failed to set admin status' };
|
||||
}
|
||||
}
|
||||
14
src/app/actions/verify-admin-token.ts
Normal file
14
src/app/actions/verify-admin-token.ts
Normal file
@@ -0,0 +1,14 @@
|
||||
'use server';
|
||||
|
||||
export async function verifyAdminToken(token: string): Promise<{ valid: boolean }> {
|
||||
const storedToken = process.env.ADMIN_SIGNUP_TOKEN;
|
||||
|
||||
// Token is invalid if:
|
||||
// 1. No token exists (already used or no token was generated)
|
||||
// 2. Provided token doesn't match
|
||||
if (!storedToken || token !== storedToken) {
|
||||
return { valid: false };
|
||||
}
|
||||
|
||||
return { valid: true };
|
||||
}
|
||||
@@ -1,5 +1,6 @@
|
||||
import DatasetsList from "@/components/DatasetsList";
|
||||
import CreateDatasetModal from "@/components/CreateDatasetModal";
|
||||
import { AdminTokenForm } from "@/components/AdminTokenForm";
|
||||
import { requireAdmin } from "@/lib/auth";
|
||||
import { redirect } from "next/navigation";
|
||||
import Link from "next/link";
|
||||
@@ -12,7 +13,7 @@ export default async function AdminPage() {
|
||||
}
|
||||
|
||||
if (!result.admin) {
|
||||
redirect("/");
|
||||
return <AdminTokenForm userEmail={result.session?.user.email || ""} />;
|
||||
}
|
||||
|
||||
return (
|
||||
|
||||
Reference in New Issue
Block a user