feat: admin panel with SQLite, auth, and calendar-style schedule editor
Complete admin panel for content management: - SQLite database with better-sqlite3, seed script from content.ts - Simple password auth with HMAC-signed cookies (Edge + Node compatible) - 9 section editors: meta, hero, about, team, classes, schedule, pricing, FAQ, contact - Team CRUD with image upload and drag reorder - Schedule editor with Google Calendar-style visual timeline (colored blocks, overlap detection, click-to-add) - All public components refactored to accept data props from DB (with fallback to static content) - Middleware protecting /admin/* and /api/admin/* routes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
66
src/lib/auth.ts
Normal file
66
src/lib/auth.ts
Normal file
@@ -0,0 +1,66 @@
|
||||
import { cookies } from "next/headers";
|
||||
import crypto from "crypto";
|
||||
|
||||
const COOKIE_NAME = "bh-admin-token";
|
||||
const TOKEN_TTL = 24 * 60 * 60 * 1000; // 24 hours
|
||||
|
||||
function getSecret(): string {
|
||||
const secret = process.env.AUTH_SECRET;
|
||||
if (!secret) throw new Error("AUTH_SECRET is not set");
|
||||
return secret;
|
||||
}
|
||||
|
||||
function getAdminPassword(): string {
|
||||
const pw = process.env.ADMIN_PASSWORD;
|
||||
if (!pw) throw new Error("ADMIN_PASSWORD is not set");
|
||||
return pw;
|
||||
}
|
||||
|
||||
export function verifyPassword(password: string): boolean {
|
||||
return password === getAdminPassword();
|
||||
}
|
||||
|
||||
export function signToken(): string {
|
||||
const payload = {
|
||||
role: "admin",
|
||||
exp: Date.now() + TOKEN_TTL,
|
||||
};
|
||||
const data = Buffer.from(JSON.stringify(payload)).toString("base64url");
|
||||
const sig = crypto
|
||||
.createHmac("sha256", getSecret())
|
||||
.update(data)
|
||||
.digest("base64url");
|
||||
return `${data}.${sig}`;
|
||||
}
|
||||
|
||||
export async function isAuthenticated(): Promise<boolean> {
|
||||
const cookieStore = await cookies();
|
||||
const token = cookieStore.get(COOKIE_NAME)?.value;
|
||||
if (!token) return false;
|
||||
return verifyTokenNode(token);
|
||||
}
|
||||
|
||||
/** Node.js runtime token verification (for API routes / server components) */
|
||||
function verifyTokenNode(token: string): boolean {
|
||||
try {
|
||||
const [data, sig] = token.split(".");
|
||||
if (!data || !sig) return false;
|
||||
|
||||
const expectedSig = crypto
|
||||
.createHmac("sha256", getSecret())
|
||||
.update(data)
|
||||
.digest("base64url");
|
||||
|
||||
if (sig !== expectedSig) return false;
|
||||
|
||||
const payload = JSON.parse(
|
||||
Buffer.from(data, "base64url").toString()
|
||||
) as { role: string; exp: number };
|
||||
|
||||
return payload.role === "admin" && payload.exp > Date.now();
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
export { COOKIE_NAME };
|
||||
Reference in New Issue
Block a user