Ajuste de cadastro/gerenciamento de usuarios e seguranca de endpoints
continuous-integration/webhook Falha no deploy (rx.scoreodonto.com)

This commit is contained in:
VPS 4 Builder
2026-05-26 20:48:21 +02:00
parent da40ab11f6
commit dc1801f4a7
7 changed files with 104 additions and 24 deletions
+11 -3
View File
@@ -132,8 +132,16 @@ app.post('/api/debug-log', (req, res) => {
res.json({ success: true });
});
// Middleware para verificar se o usuário autenticado é admin
const requireAdmin = (req, res, next) => {
if (req.user && req.user.is_admin) {
return next();
}
return res.status(403).json({ error: 'Acesso negado. Apenas administradores.' });
};
// Status de conexões Socket.IO
app.get('/api/socket/status', (req, res) => {
app.get('/api/socket/status', authenticateToken, requireAdmin, (req, res) => {
const sockets = Array.from(io.sockets.sockets.values());
const clients = sockets.map(socket => ({
id: socket.id,
@@ -158,7 +166,7 @@ app.get('/api/socket/status', (req, res) => {
});
// Endpoint para forçar identificação de um cliente (debug)
app.post('/api/socket/request-identify/:socketId', (req, res) => {
app.post('/api/socket/request-identify/:socketId', authenticateToken, requireAdmin, (req, res) => {
const { socketId } = req.params;
const socket = io.sockets.sockets.get(socketId);
@@ -178,7 +186,7 @@ app.post('/api/socket/request-identify/:socketId', (req, res) => {
});
// Endpoint para teste de conexão Socket.IO
app.post('/api/socket/test-connection', async (req, res) => {
app.post('/api/socket/test-connection', authenticateToken, requireAdmin, async (req, res) => {
try {
const sockets = Array.from(io.sockets.sockets.values());
const totalConnections = sockets.length;