scaffold-eth / buidlguidl-v3

https://app.buidlguidl.com/
MIT License

Access to Admin Route when Admin url is pasted on Address bar #89

Closed ceeriil closed 1 week ago

ceeriil commented 5 months ago

Anyone can access the admin route by typing the URL into their browser's address bar, even if they are not authorized as admins. Although interaction with the page is restricted, I think it's best if this page doesn't show at all to non-admins.


Steps to Reproduce

  1. Pasting "https://app.buidlguidl.com/admin/add-builder" into the address bar shows the admin page

Expected Behavior

Non-admin users should be redirected to the homepage when attempting to access the admin route through the address bar.

carletex commented 5 months ago

Thanks for this @ceeriil

We are 100% aware of this, and it's not really an issue/priority since we don't hold any private data + you need to sign as an admin to make any write action.

In any case, if you want to make a PR (sweet & simple) that redirects to the homepage... more than welcome!
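
The two layers discussed in this thread, as an added illustration (not code from buidlguidl-v3 or from either commenter): a client-side redirect for non-admins, which is cosmetic, and a server-side signature check on writes, which is the actual control. All function names are hypothetical, the keys and payload are constructed, and a P-256 key pair from Node's `crypto` module stands in for an admin wallet signature.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs: one allowlisted admin, one ordinary visitor.
const admin = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const visitor = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
const ADMIN_KEYS = new Set([pem(admin.publicKey)]);

// Client side: where a pasted URL should land. This only hides the page;
// anyone can bypass it, so it must never be the only check.
function resolveRoute(path, user) {
  const isAdminPath = path === '/admin' || path.startsWith('/admin/');
  return isAdminPath && !(user && user.isAdmin) ? '/' : path;
}

// Helper: build a signed write request the way an admin client would.
function signWrite(keyPair, payload) {
  const body = Buffer.from(JSON.stringify(payload));
  return {
    signerPem: pem(keyPair.publicKey),
    payload,
    signature: crypto.sign('sha256', body, keyPair.privateKey),
  };
}

// Server side: every write must be signed by an allowlisted key, and the
// signature must cover the exact payload being applied.
function authorizeWrite({ signerPem, payload, signature }) {
  if (!ADMIN_KEYS.has(signerPem)) return { status: 403, reason: 'not an admin' };
  const body = Buffer.from(JSON.stringify(payload));
  const valid = crypto.verify('sha256', body, signerPem, signature);
  return valid ? { status: 200 } : { status: 401, reason: 'bad signature' };
}

// Constructed write request for the admin page named in the issue.
const payload = { action: 'add-builder', address: '0xCONSTRUCTED_PLACEHOLDER' };
console.log(resolveRoute('/admin/add-builder', null));        // redirect target
console.log(authorizeWrite(signWrite(visitor, payload)));     // rejected
console.log(authorizeWrite(signWrite(admin, payload)));       // accepted
```
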