security: require auth token for dashboard/requests API + login page

This commit is contained in:
mango
2026-02-22 22:18:57 +08:00
parent df8c9316f1
commit 670695066d
2 changed files with 33 additions and 6 deletions

View File

@@ -119,8 +119,9 @@ const server = http.createServer((req, res) => {
// API routes
(async () => {
try {
// GET /api/dashboard - public overview
// GET /api/dashboard - requires auth
if (url.pathname === '/api/dashboard' && method === 'GET') {
if (!auth()) return;
const now = Math.floor(Date.now()/1000);
const today = now - (now % 86400);
const nodes = getNodes.all();
@@ -129,8 +130,9 @@ const server = http.createServer((req, res) => {
return json(200, { nodes, stats, requests: reqs, token: undefined });
}
// GET /api/requests?page=1&size=50
// GET /api/requests - requires auth
if (url.pathname === '/api/requests' && method === 'GET') {
if (!auth()) return;
const page = parseInt(url.searchParams.get('page') || '1');
const size = Math.min(parseInt(url.searchParams.get('size') || '50'), 200);
const offset = (page - 1) * size;