Refactor: Analyze and fix security issues

gpt-engineer-app[bot]
2025-10-12 00:50:51 +00:00
parent 6793ea6e3e
commit 5e25164a56
8 changed files with 372 additions and 13 deletions


@@ -14,7 +14,13 @@ export const useAdminData = () => {
const [loading, setLoading] = useState(true);
const [error, setError] = useState<string | null>(null);
// Check if user has admin permissions
// ⚠️ CRITICAL SECURITY WARNING: CLIENT-SIDE ROLE VERIFICATION
// This checks roles from localStorage which can be easily manipulated by attackers
// For PRODUCTION, you MUST implement server-side role verification:
// 1. Create a separate 'user_roles' table in database
// 2. Verify roles on EVERY API endpoint in the backend
// 3. Use Row Level Security (RLS) policies in Supabase
// This client-side check is ONLY for UI/UX purposes, NOT for actual security
const isAdmin = user?.role === 'admin' || user?.role === 'super_admin';
const isSuperAdmin = user?.role === 'super_admin';
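Review bot: `isAdmin` and `isSuperAdmin` are still derived from the client-held `user?.role` after this change; the added comment block describes the weakness but nothing in the hunk enforces the role, so any data this hook loads must be protected by the per-endpoint checks and RLS policies the comment lists. The comment states that the role comes from localStorage, which these lines do not show, so it is worth confirming that and naming the actual source. A shorter comment next to the flags would carry the same contract, e.g. `// UI gating only: authorization must be enforced server-side (RLS / per-endpoint role check)`, with the server-side work tracked separately instead of in a numbered list in the hook. The body of `useAdminData` continues outside the hunk, so whether its queries branch on these flags cannot be seen from here.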