fix(security): harden licserver config access controls
All checks were successful
Staging Build / build (push) Successful in 2m50s

- Add auth guard to getLicServerConfig() - unauthenticated callers
  now receive null config instead of DB values
- Remove non-existent 'superadmin' role from saveLicServerConfig()
  check (only 'admin' exists per project schema)
- New migration: restrict settings table WRITE to admins only
  (previously any authenticated user could overwrite licserver_api_key)
This commit is contained in:
DanielS
2026-07-14 17:35:12 +02:00
parent fa93e060c2
commit 7119383139
2 changed files with 35 additions and 3 deletions

View File

@@ -8,12 +8,17 @@ export interface LicServerConfig {
}
/**
* Read LicServer config from the settings table (admin only).
* Read LicServer config from the settings table.
* Falls back to environment variables if DB values are empty.
* Returns null config for unauthenticated callers.
*/
export async function getLicServerConfig(): Promise<LicServerConfig> {
const supabase = await createClient()
// Auth guard — never expose config to unauthenticated callers
const { data: { user } } = await supabase.auth.getUser()
if (!user) return { base_url: null, api_key: null }
const { data } = await supabase
.from('settings')
.select('licserver_base_url, licserver_api_key')
@@ -45,8 +50,9 @@ export async function saveLicServerConfig(
.eq('id', user.id)
.single()
if (!userData || !['admin', 'superadmin'].includes(userData.role)) {
return { success: false, error: 'Keine Berechtigung' }
// Only 'admin' exists in schema — 'superadmin' removed
if (!userData || userData.role !== 'admin') {
return { success: false, error: 'Keine Berechtigung (nur Admins)' }
}
const { error } = await supabase