ryan/bbq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Gate admin routes behind auth and add copy guest link button

Browse Source 
When auth is enabled, admin pages require the logged-in user to be
the event owner — unauthorized visitors get redirected to the guest
view, and admin actions return 403. Also adds a copy-to-clipboard
button in the admin bar and a Makefile for common commands.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Ryan Chen
2026-05-18 09:06:16 -04:00
parent a0c4b28d1e
commit d68a6629ac
4 changed files with 55 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth.go
+2 -2
View File
@@ -109,7 +109,7 @@ func (s *Server) handleLoginSubmit(w http.ResponseWriter, r *http.Request) {
}
code := generateCode()
expiresAt := time.Now().Add(10 * time.Minute)
expiresAt := time.Now().UTC().Add(10 * time.Minute)
s.q.CreateVerificationCode(r.Context(), db.CreateVerificationCodeParams{
Identifier: identifier,
Code: code,
@@ -177,7 +177,7 @@ func (s *Server) handleVerifyCode(w http.ResponseWriter, r *http.Request) {
// Create session
token := generateSessionToken()
expiresAt := time.Now().Add(30 * 24 * time.Hour) // 30 days
expiresAt := time.Now().UTC().Add(30 * 24 * time.Hour) // 30 days
s.q.CreateSession(r.Context(), db.CreateSessionParams{
Token: token,
UserID: user.ID,