security: fix private storage buckets, api access, and admin RLS bypasses
All checks were successful
Staging Build / build (push) Successful in 3m41s
All checks were successful
Staging Build / build (push) Successful in 3m41s
This commit is contained in:
@@ -67,7 +67,7 @@ export async function updateSession(request: NextRequest) {
|
||||
}
|
||||
|
||||
// Admin protection
|
||||
if (request.nextUrl.pathname.startsWith("/admin")) {
|
||||
if (request.nextUrl.pathname.startsWith("/admin") || request.nextUrl.pathname.startsWith("/api/admin")) {
|
||||
if (!user || !user.sub) {
|
||||
const url = request.nextUrl.clone();
|
||||
url.pathname = "/auth/login";
|
||||
|
||||
Reference in New Issue
Block a user