akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
881992b6cc26fef5023ce1414bc08cff163659cd
caddy-proxy-manager/app/api/analytics/hosts/route.ts
fuomag9 881992b6cc Restrict analytics, GeoIP status, and OpenAPI spec to admin role 
Pentest found that all 8 analytics API endpoints, the GeoIP status
endpoint, and the OpenAPI spec were accessible to any authenticated
user. Since the user role should only have access to forward auth
and self-service, these are now admin-only.

- analytics/*: requireUser → requireAdmin
- geoip-status: requireUser → requireAdmin
- openapi.json: add requireApiAdmin + change Cache-Control to private
- analytics/api-docs pages: requireUser → requireAdmin (defense-in-depth)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 00:02:13 +02:00

10 lines
286 B
TypeScript
Raw Blame History

import { NextResponse } from 'next/server';
import { requireAdmin } from '@/src/lib/auth';
import { getAnalyticsHosts } from '@/src/lib/analytics-db';
export async function GET() {
await requireAdmin();
const hosts = await getAnalyticsHosts();
return NextResponse.json(hosts);
}
Reference in New Issue View Git Blame Copy Permalink