feat: add ADMIN_KEY auth guard to sensitive settings and system endpoints

Former-commit-id: 0eaa7813a16f13e123e9c131fcf90fcb8bf420fd
This commit is contained in:
anoracleofra-code
2026-03-14 07:56:14 -06:00
parent 9ad35fb5d8
commit 17c41d7ddf
3 changed files with 117 additions and 34 deletions
+5
View File
@@ -13,3 +13,8 @@ AIS_API_KEY= # https://aisstream.io/ — free tier WebSocket key
# Override allowed CORS origins (comma-separated). Defaults to localhost + LAN auto-detect.
# CORS_ORIGINS=http://192.168.1.50:3000,https://my-domain.com
# Admin key — protects sensitive endpoints (API key management, system update).
# If unset, these endpoints remain open (fine for local dev).
# Set this in production and enter the same key in Settings → Admin Key.
# ADMIN_KEY=your-secret-admin-key-here