add authorization for the admin dashboard
dnsbty opened this issue
Right now, the admin dashboard is hidden behind basic authentication. This hasn't been a huge deal thus far just because there wasn't really any secure information to worry about. Now that the app stores user emails and passwords, security should be a higher concern. There is a potential attack vector of using the Live Dashboard's user logging if any rogue log lines were added.
The live dashboard should be secured behind authorization. Perhaps adding a `role` enum to the users table with only users of the `admin` role being allowed to access the dashboard.
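
One way to implement the role check proposed above, as an added example that is not code from this project. It assumes a Phoenix application with a `role` field on the user schema; the names `MyAppWeb`, `RequireAdmin`, `:fetch_current_user` and the `:current_user` assign are hypothetical.

```elixir
# Added example. MyAppWeb, RequireAdmin, :fetch_current_user and the
# :current_user assign are hypothetical; the page does not show the app's code.
defmodule MyAppWeb.Plugs.RequireAdmin do
  @moduledoc """
  Halts any request whose authenticated user does not have the :admin role.

  Assumes an earlier plug loaded the user from the session into
  conn.assigns.current_user, and that the schema declares the role as
  `field :role, Ecto.Enum, values: [:user, :admin], default: :user`.
  """
  @behaviour Plug
  import Plug.Conn

  @impl Plug
  def init(opts), do: opts

  @impl Plug
  def call(conn, _opts) do
    case conn.assigns[:current_user] do
      # Only an exact match on the admin role passes.
      %{role: :admin} ->
        conn

      # No user, a nil role, or any other role: fail closed. Answering 404
      # avoids confirming to non-admins that the dashboard route exists.
      _other ->
        conn
        |> send_resp(:not_found, "Not Found")
        |> halt()
    end
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  import Phoenix.LiveDashboard.Router

  # The generated :browser pipeline is assumed to be defined here unchanged.

  pipeline :admin_only do
    # Order matters: the user must be loaded before the role is checked.
    plug :fetch_current_user
    plug MyAppWeb.Plugs.RequireAdmin
  end

  scope "/admin" do
    pipe_through [:browser, :admin_only]
    live_dashboard "/dashboard"
  end
end
```

Defaulting the enum to `:user` at both the schema and the column level means existing and newly registered accounts never receive dashboard access implicitly.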