import { NextRequest, NextResponse } from 'next/server';
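/**
 * Authentication middleware for admin API routes.
 *
 * Compares the `x-admin-auth` request header with a server-side secret read
 * from the `ADMIN_AUTH_TOKEN` environment variable. The earlier check accepted
 * the fixed literal string `'authenticated'`; since any client can send that
 * header value, it did not authenticate anything. Callers that send the header
 * must now send the configured secret instead.
 *
 * Fails closed: when no secret is configured, every request is rejected.
 *
 * @param request - Incoming request; only the `x-admin-auth` header is read.
 * @returns A 401 JSON response when the request is not authenticated, or
 *   `null` when it is and the caller may proceed.
 */
export async function requireAdminAuth(request: NextRequest): Promise<NextResponse | null> {
  const unauthorized = (): NextResponse =>
    NextResponse.json(
      { error: 'Unauthorized - Admin authentication required' },
      { status: 401 }
    );

  // NOTE(review): ADMIN_AUTH_TOKEN is a new deployment setting introduced by
  // this fix; it is not read anywhere else visible in this file.
  const expectedToken = process.env.ADMIN_AUTH_TOKEN;
  const presentedToken = request.headers.get('x-admin-auth');

  if (!expectedToken || !presentedToken) {
    return unauthorized();
  }

  // timingSafeEqual throws on buffers of unequal length, so length is checked
  // first; the length of the secret is not treated as confidential here.
  const expected = new TextEncoder().encode(expectedToken);
  const presented = new TextEncoder().encode(presentedToken);
  if (expected.length !== presented.length) {
    return unauthorized();
  }

  // Constant-time comparison so response timing does not reveal how many
  // leading bytes of the presented value matched the secret. Imported lazily,
  // mirroring how this file loads bcryptjs.
  const { timingSafeEqual } = await import('node:crypto');
  return timingSafeEqual(expected, presented) ? null : unauthorized();
}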
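/**
 * Helper to verify admin password.
 *
 * Compares `password` against the bcrypt hash held in the `ADMIN_PASSWORD`
 * environment variable. When that variable is missing or empty, a fallback
 * hash committed in this file is used, and only when `NODE_ENV` is exactly
 * `'development'`; every other environment (production, test, unset) throws.
 * This enforces the "only in development" intent the original comment stated,
 * which the previous `NODE_ENV === 'production'` check did not: any
 * non-production value silently accepted the committed fallback.
 *
 * @param password - Candidate password supplied by the caller (untrusted input).
 * @returns `true` when the password matches the configured hash, else `false`.
 * @throws Error when `ADMIN_PASSWORD` is not set outside development.
 */
export async function verifyAdminPassword(password: string): Promise<boolean> {
  // Configuration is validated before anything else so a misconfigured
  // deployment fails fast regardless of the input.
  const adminPasswordHash = resolveAdminPasswordHash();

  // bcryptjs rejects non-string input, and an empty password is never a
  // meaningful admin credential, so refuse before touching the library.
  if (typeof password !== 'string' || password.length === 0) {
    return false;
  }

  // Loaded lazily, after the checks above, so the bcrypt module is only
  // paid for when a real comparison is going to happen.
  const bcrypt = await import('bcryptjs');
  return bcrypt.compare(password, adminPasswordHash);
}

/**
 * Picks the bcrypt hash to compare against, enforcing the environment rules.
 *
 * The fallback hash is committed to the repository, so whatever password it
 * encodes must be treated as public; that is why it is development-only.
 *
 * @returns The bcrypt hash string to compare candidate passwords against.
 * @throws Error when `ADMIN_PASSWORD` is unset and `NODE_ENV` is not
 *   `'development'`.
 */
function resolveAdminPasswordHash(): string {
  const configuredHash = process.env.ADMIN_PASSWORD;
  if (configuredHash) {
    return configuredHash;
  }

  console.error('SECURITY WARNING: ADMIN_PASSWORD environment variable is not set!');
  if (process.env.NODE_ENV !== 'development') {
    throw new Error('ADMIN_PASSWORD environment variable is required outside development');
  }
  // Development-only fallback; its password is effectively public.
  return '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';
}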