d5b00a86dc
- lib/admin.ts: isAdmin(session) por allowlist ADMIN_EMAILS (normalizada) o gmlevel de AzerothCore (account_access, resiliente si no existe). ADMIN_EMAILS/ADMIN_GMLEVEL en .env.local. - lib/admin-news.ts: listNews / createNews / deleteNews (home_noticia). - Routes /api/admin/news (POST, guard isAdmin) y /api/admin/news/[id] (DELETE). - Páginas /admin (dashboard) y /admin/news (protegidas: no-admin -> redirect). AdminNewsManager (cliente: crear + listar + borrar). Verificado: /admin sin permiso redirige, APIs 403; el pipeline crear noticia -> se renderiza en la home (SSR) funciona. Turnstile bloquea el login por curl (correcto). Pendiente admin: precios de servicios, foros, sitios de voto, usuarios. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
28 lines
983 B
TypeScript
28 lines
983 B
TypeScript
import type { RowDataPacket } from 'mysql2'
|
|
import { db, DB } from './db'
|
|
import { normalizeEmail } from './bnet'
|
|
import type { SessionData } from './session'
|
|
|
|
/** ¿Es administrador? Por allowlist de email (ADMIN_EMAILS) o por gmlevel de AzerothCore. */
|
|
export async function isAdmin(session: SessionData): Promise<boolean> {
|
|
if (!session.bnetId) return false
|
|
|
|
const allow = (process.env.ADMIN_EMAILS || '')
|
|
.split(',')
|
|
.map((e) => normalizeEmail(e))
|
|
.filter(Boolean)
|
|
if (session.bnetEmail && allow.includes(normalizeEmail(session.bnetEmail))) return true
|
|
|
|
try {
|
|
const level = Number(process.env.ADMIN_GMLEVEL || 3)
|
|
const [rows] = await db(DB.auth).query<RowDataPacket[]>(
|
|
'SELECT gmlevel FROM account_access WHERE id = ? ORDER BY gmlevel DESC LIMIT 1',
|
|
[session.accountId ?? 0],
|
|
)
|
|
if (rows[0] && Number(rows[0].gmlevel) >= level) return true
|
|
} catch {
|
|
// account_access puede no existir (acore sin poblar)
|
|
}
|
|
return false
|
|
}
|