fix: address security review findings, implement real cache clearing, and fix lifecycle promises

2026-01-08 21:29:09 +01:00
parent 0f6cce9b6e
commit 19206b5cc7
11 changed files with 176 additions and 47 deletions
--- a/web/src/components/ControlPanel.tsx
+++ b/web/src/components/ControlPanel.tsx
@@ -10,6 +10,14 @@ interface ControlPanelProps {
    maintenanceMode: boolean;
 }

+declare global {
+    interface Window {
+        AURORA_ENV?: {
+            ADMIN_TOKEN: string;
+        };
+    }
+}
+
 /**
 * ControlPanel component provides quick administrative actions for the bot.
 * Integrated with the premium glassmorphic theme.
@@ -20,12 +28,16 @@ export function ControlPanel({ maintenanceMode }: ControlPanelProps) {
    /**
     * Handles triggering an administrative action via the API
     */
-    const handleAction = async (action: string, payload?: any) => {
+    const handleAction = async (action: string, payload?: Record<string, unknown>) => {
        setLoading(action);
        try {
+            const token = window.AURORA_ENV?.ADMIN_TOKEN;
            const response = await fetch(`/api/actions/${action}`, {
                method: "POST",
-                headers: { "Content-Type": "application/json" },
+                headers: {
+                    "Content-Type": "application/json",
+                    "Authorization": `Bearer ${token}`
+                },
                body: payload ? JSON.stringify(payload) : undefined,
            });
            if (!response.ok) throw new Error(`Action ${action} failed`);
@@ -88,8 +100,8 @@ export function ControlPanel({ maintenanceMode }: ControlPanelProps) {
                <Button
                    variant="outline"
                    className={`glass flex items-center justify-between h-auto py-4 px-5 border-white/10 transition-all group/maint ${maintenanceMode
-                            ? 'bg-red-500/10 border-red-500/50 hover:bg-red-500/20'
-                            : 'hover:border-yellow-500/50 hover:bg-yellow-500/5'
+                        ? 'bg-red-500/10 border-red-500/50 hover:bg-red-500/20'
+                        : 'hover:border-yellow-500/50 hover:bg-yellow-500/5'
                        }`}
                    onClick={() => handleAction("maintenance-mode", { enabled: !maintenanceMode, reason: "Dashboard toggle" })}
                    disabled={!!loading}