Restrict for DevDojo Auth Setup to Admin users #177

Open
wants to merge 1 commit into
base: main

oluwaseye
Contributor

At the moment any user can visit the route /auth/setup and make changes. Restricting the /auth/setup/* to admin users only.
I also added AdminOnlyRoutes Middleware for future use, if there are other routes.

bobbyiliev requested a review from tnylea December 22, 2024 14:18
Collaborator

bobbyiliev left a comment

There is actually a redirect from /auth/setup to /dashboard already available out of the box as a security feature when the APP_ENV in your .env file is set to production. This ensures that access to the setup page is disabled in production environments to protect your app.

To access the setup page, you can temporarily change the APP_ENV value in your .env file to local. This will prevent the redirect and allow you to complete the setup process.

Once you’ve finished setting up the authentication, make sure to change the APP_ENV value back to production before deploying your app. This step is important to prevent unauthorized access to the setup page in a live environment.

https://devdojo.com/question/devdojoauth-drift-theme

This PR looks ok to me for adding that extra protection, but will leave the decision if this should be merged to @tnylea.
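
An added example, not code from this PR or from DevDojo Auth: a Laravel middleware that layers the two controls discussed in this thread, the production redirect and an admin-only check, so that a deployment whose APP_ENV is not set to production still does not serve the setup pages to every user. The class name `RestrictAuthSetup` and the `is_admin` attribute are assumptions; how the middleware is attached to the package's `/auth/setup/*` routes is not shown.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Hypothetical middleware (not the PR's AdminOnlyRoutes class)
 * intended for the /auth/setup/* routes.
 */
class RestrictAuthSetup
{
    public function handle(Request $request, Closure $next): Response
    {
        // Layer 1: same outcome as the behaviour described in the review
        // comment: in production the setup pages are never served.
        if (app()->environment('production')) {
            return redirect('/dashboard');
        }

        // Layer 2: outside production (local, staging, or a server where
        // APP_ENV was left at "local"), require an authenticated user.
        $user = $request->user();

        if ($user === null) {
            abort(403);
        }

        // Assumption: admin status is stored in an `is_admin` attribute.
        // A missing attribute reads as null on an Eloquent model, so the
        // check fails closed when the column does not exist.
        if (! $user->is_admin) {
            abort(403);
        }

        return $next($request);
    }
}
```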
