security: fix private storage buckets, api access, and admin RLS bypasses
All checks were successful
Staging Build / build (push) Successful in 3m41s

This commit is contained in:
DanielS
2026-07-04 17:36:51 +02:00
parent 205acb803f
commit 28f2285a0e
2 changed files with 64 additions and 1 deletions

View File

@@ -67,7 +67,7 @@ export async function updateSession(request: NextRequest) {
}
// Admin protection
if (request.nextUrl.pathname.startsWith("/admin")) {
if (request.nextUrl.pathname.startsWith("/admin") || request.nextUrl.pathname.startsWith("/api/admin")) {
if (!user || !user.sub) {
const url = request.nextUrl.clone();
url.pathname = "/auth/login";