diff --git a/.github/workflows/production.yaml b/.github/workflows/production.yaml
index 59238564..2e34c572 100644
--- a/.github/workflows/production.yaml
+++ b/.github/workflows/production.yaml
@@ -49,6 +49,7 @@ jobs:
 printf "${{ secrets.CHECK_IN_CODE }}" | vercel env add CHECK_IN_CODE production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ secrets.TITO_API_TOKEN }}" | vercel env add TITO_API_TOKEN production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ secrets.OPENAI_API_KEY }}" | vercel env add OPENAI_API_KEY production --force --token=${{ secrets.VERCEL_TOKEN }}
+ printf "${{ secrets.HUB_ADMIN_EMAIL }}" | vercel env add HUB_ADMIN_EMAIL production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ vars.ENV_URL }}" | vercel env add BASE_URL production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ vars.INVITE_DEADLINE }}" | vercel env add INVITE_DEADLINE production --force --token=${{ secrets.VERCEL_TOKEN }}
diff --git a/.github/workflows/staging.yaml b/.github/workflows/staging.yaml
index 5171adc1..7d487cea 100644
--- a/.github/workflows/staging.yaml
+++ b/.github/workflows/staging.yaml
@@ -51,6 +51,7 @@ jobs:
 printf "${{ secrets.CHECK_IN_CODE }}" | vercel env add CHECK_IN_CODE production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ secrets.TITO_API_TOKEN }}" | vercel env add TITO_API_TOKEN production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ secrets.OPENAI_API_KEY }}" | vercel env add OPENAI_API_KEY production --force --token=${{ secrets.VERCEL_TOKEN }}
+ printf "${{ secrets.HUB_ADMIN_EMAIL }}" | vercel env add HUB_ADMIN_EMAIL production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ vars.ENV_URL }}" | vercel env add BASE_URL production --force --token=${{ secrets.VERCEL_TOKEN }}
 printf "${{ vars.INVITE_DEADLINE }}" | vercel env add INVITE_DEADLINE production --force --token=${{ secrets.VERCEL_TOKEN }}
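Review bot: The added `printf "${{ secrets.HUB_ADMIN_EMAIL }}"` line in production.yaml (and the identical one in staging.yaml) expands the secret into the script text and then uses it as the printf format string, so a `%`, backslash, `"` or `$` in the value is interpreted by printf or the shell instead of being stored verbatim. It follows the pattern of the neighbouring lines, but this value now decides who reaches the admin panel, so the stored string should be exactly what was configured. Map the secret under the step's `env:` and write it as data: `printf '%s' "$HUB_ADMIN_EMAIL" | vercel env add HUB_ADMIN_EMAIL production --force --token=...`. The step header is outside the hunk, so whether an `env:` block already exists there is not visible.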
diff --git a/app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx b/app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx index 6ea887a8..14a53c74 100644 --- a/app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx +++ b/app/(pages)/_components/ProtectedDisplay/ProtectedDisplay.tsx @@ -4,15 +4,28 @@ import getActiveUser from 'app/(pages)/_utils/getActiveUser'; export default async function ProtectedDisplay({ allowedRoles, + allowedUser, failRedirectRoute, children, }: { allowedRoles: string[]; + allowedUser?: string; failRedirectRoute: string; children: React.ReactNode; }) { const user = await getActiveUser(failRedirectRoute); + if (allowedUser) { + const normalizedAllowedUser = allowedUser.trim().toLowerCase(); + const userEmail = String(user.email ?? '') + .trim() + .toLowerCase(); + + if (!userEmail || normalizedAllowedUser !== userEmail) { + redirect(failRedirectRoute); + } + } + const authorized = allowedRoles.includes(user.role); if (user.role === 'hacker') { diff --git a/app/(pages)/admin/layout.tsx b/app/(pages)/admin/layout.tsx index ddc1f0f1..c385ef0d 100644 --- a/app/(pages)/admin/layout.tsx +++ b/app/(pages)/admin/layout.tsx @@ -10,8 +10,23 @@ export default function AdminLayout({ }: { children: React.ReactNode; }) { + const adminEmail = process.env.HUB_ADMIN_EMAIL; + + if (!adminEmail) { + console.warn( + 'HUB_ADMIN_EMAIL environment variable is not set, no users will have access to the admin panel' + ); + } + + // Assuming only one admin email + const parsedAdminEmail = adminEmail ? adminEmail : ''; + return ( - + {children} );
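Review bot: The new guard `if (allowedUser) {` in ProtectedDisplay.tsx is skipped when `allowedUser` is an empty string, so the e-mail check fails open and access is decided by `allowedRoles` alone. admin/layout.tsx in this same commit sets `parsedAdminEmail` to `''` when `HUB_ADMIN_EMAIL` is unset and logs that no users will have access. The JSX that passes the prop is not visible on this page, but if that value reaches `allowedUser`, any user with an allowed role still gets in. Testing for presence instead, `if (allowedUser !== undefined) {`, makes an empty value redirect everyone, because the inner `!userEmail || normalizedAllowedUser !== userEmail` test already rejects that case. The function body continues past the end of the hunk.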
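Review bot: The comment `// Assuming only one admin email` in admin/layout.tsx does not say what happens when the assumption is broken, and `parsedAdminEmail` does no parsing. Since ProtectedDisplay compares the whole string against the user's e-mail, a comma-separated value would match nobody. A comment such as `// HUB_ADMIN_EMAIL must hold exactly one address; a list is compared as a single string and matches no user` would record that. The ternary can be written `const adminEmailOrEmpty = adminEmail ?? '';` if the name is meant to describe the default. The component's JSX lines did not survive on this page, so how the value is passed on is not shown.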