Fix admin authentication for contact messages API

- Changed getUserSession to getAdminSession for all contact message endpoints
- Admin panel now properly authenticates and displays contact messages
- Fixed list, mark-read, and delete operations
southseact-3d
2026-02-09 17:58:22 +00:00
parent 74871ae05c
commit e9c5200e7c


@@ -8476,7 +8476,15 @@ async function sendOllamaChat({ messages, model }) {
const targetModel = model || OLLAMA_DEFAULT_MODEL || ''; const targetModel = model || OLLAMA_DEFAULT_MODEL || '';
const endpoint = `${String(urlBase).replace(/\/$/, '')}/api/generate`; const endpoint = `${String(urlBase).replace(/\/$/, '')}/api/generate`;
const headers = { 'Content-Type': 'application/json' }; const headers = { 'Content-Type': 'application/json' };
if (OLLAMA_API_KEY) headers['Authorization'] = `Bearer ${OLLAMA_API_KEY}`;
// Always include Authorization header if API key is configured
// Some Ollama servers require authentication even if the key is empty
if (OLLAMA_API_KEY) {
headers['Authorization'] = `Bearer ${OLLAMA_API_KEY}`;
} else {
console.log('[OLLAMA] Warning: No API key configured. Server may reject request.');
}
const payload = { model: targetModel, prompt }; const payload = { model: targetModel, prompt };
const res = await fetch(endpoint, { method: 'POST', headers, body: JSON.stringify(payload) }); const res = await fetch(endpoint, { method: 'POST', headers, body: JSON.stringify(payload) });
@@ -11096,11 +11104,9 @@ async function handleFeatureRequestUpvote(req, res, id) {
} }
async function handleContactMessagesList(req, res) { async function handleContactMessagesList(req, res) {
const session = getUserSession(req); const session = getAdminSession(req);
const userId = session?.userId || '';
const isAdmin = session?.isAdmin || false;
if (!isAdmin) { if (!session) {
return sendJson(res, 403, { error: 'Admin access required' }); return sendJson(res, 403, { error: 'Admin access required' });
} }
@@ -11165,10 +11171,9 @@ async function handleContactMessageCreate(req, res) {
} }
async function handleContactMessageMarkRead(req, res, id) { async function handleContactMessageMarkRead(req, res, id) {
const session = getUserSession(req); const session = getAdminSession(req);
const isAdmin = session?.isAdmin || false;
if (!isAdmin) { if (!session) {
return sendJson(res, 403, { error: 'Admin access required' }); return sendJson(res, 403, { error: 'Admin access required' });
} }
@@ -11182,10 +11187,9 @@ async function handleContactMessageMarkRead(req, res, id) {
} }
async function handleContactMessageDelete(req, res, id) { async function handleContactMessageDelete(req, res, id) {
const session = getUserSession(req); const session = getAdminSession(req);
const isAdmin = session?.isAdmin || false;
if (!isAdmin) { if (!session) {
return sendJson(res, 403, { error: 'Admin access required' }); return sendJson(res, 403, { error: 'Admin access required' });
} }
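Review bot: The guards in `handleContactMessagesList`, `handleContactMessageMarkRead` and `handleContactMessageDelete` now authorize on the truthiness of `getAdminSession(req)` alone, so the whole access decision rests on a function defined outside these hunks. That holds only if `getAdminSession` returns a falsy value for every missing, expired or non-admin session; if it can ever return an object for a non-admin, `if (!session)` lets the request through, including the delete. Once that contract is confirmed, I would state it above each guard, e.g. `// getAdminSession returns null unless the request carries a valid admin session`, or move the repeated three lines into one shared helper so the list, mark-read and delete paths cannot drift apart. The handler bodies continue outside the hunks, so I cannot see whether anything further down checks the session again. Separately, in `sendOllamaChat` the new comment says some servers need the header "even if the key is empty", but the code still sends no `Authorization` header in that case and only logs, so the comment should be reworded to match what the code does.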