Skip to content

fix: remove hardcoded super admin credentials #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
devpathindcommunity-india merged 1 commit into from
May 19, 2026
Merged

fix: remove hardcoded super admin credentials #90

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion scripts/create-super-admin-auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ const auth = getAuth(app);
async function createSuperAdmin() {
try {
console.log("Creating Super Admin Auth user...");
await createUserWithEmailAndPassword(auth, "ap8548328@gmail.com", "Aditya@2006@#");
await createUserWithEmailAndPassword(auth, process.env.SUPER_ADMIN_EMAIL as string, process.env.SUPER_ADMIN_PASSWORD as string);
console.log("Super Admin Auth user created successfully.");
process.exit(0);
} catch (error: any) {
Expand Down
4 changes: 2 additions & 2 deletions scripts/create-super-admin-simple.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ initializeApp({
const auth = getAuth();
const db = getFirestore();

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.SUPER_ADMIN_EMAIL;
const SUPER_ADMIN_PASSWORD = process.env.SUPER_ADMIN_PASSWORD;

async function createSuperAdmin() {
console.log(`Creating/Updating Super Admin: ${SUPER_ADMIN_EMAIL}...`);
Expand Down
4 changes: 2 additions & 2 deletions scripts/create-super-admin.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ initializeApp({
const auth = getAuth();
const db = getFirestore();

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.SUPER_ADMIN_EMAIL;
const SUPER_ADMIN_PASSWORD = process.env.SUPER_ADMIN_PASSWORD;

async function createSuperAdmin() {
console.log(`Creating/Updating Super Admin: ${SUPER_ADMIN_EMAIL}...`);
Expand Down
4 changes: 2 additions & 2 deletions scripts/create-super-admin.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ initializeApp({
const auth = getAuth();
const db = getFirestore();

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.SUPER_ADMIN_EMAIL;
const SUPER_ADMIN_PASSWORD = process.env.SUPER_ADMIN_PASSWORD;

async function createSuperAdmin() {
console.log(`Creating/Updating Super Admin: ${SUPER_ADMIN_EMAIL}...`);
Expand Down
4 changes: 2 additions & 2 deletions scripts/full-recalc.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ const app = initializeApp(firebaseConfig);
const db = getFirestore(app);
const auth = getAuth(app);

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.SUPER_ADMIN_EMAIL;
const SUPER_ADMIN_PASSWORD = process.env.SUPER_ADMIN_PASSWORD;

const POINTS = {
DAILY_LOGIN: 0,
Expand Down
4 changes: 2 additions & 2 deletions scripts/recalculate-all-points.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ const app = initializeApp(firebaseConfig);
const db = getFirestore(app);
const auth = getAuth(app);

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.SUPER_ADMIN_EMAIL;
const SUPER_ADMIN_PASSWORD = process.env.SUPER_ADMIN_PASSWORD;

const POINTS = {
DAILY_LOGIN: 0,
Expand Down
2 changes: 1 addition & 1 deletion scripts/seed-admins.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ async function seedAdmins() {
try {
// Login as Super Admin to have write access
console.log("Logging in as Super Admin...");
await signInWithEmailAndPassword(auth, "ap8548328@gmail.com", "Aditya@2006@#");
await signInWithEmailAndPassword(auth, process.env.SUPER_ADMIN_EMAIL as string, process.env.SUPER_ADMIN_PASSWORD as string);
Comment thread
devpathindcommunity-india marked this conversation as resolved.
console.log("Logged in successfully.");

for (const admin of admins) {
Expand Down
26 changes: 20 additions & 6 deletions src/app/ap/page.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,7 @@ import { signInWithEmailAndPassword } from 'firebase/auth';
import { db, auth } from '@/lib/firebase';
import AdminDashboard from '@/components/admin/AdminDashboard';

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.NEXT_PUBLIC_SUPER_ADMIN_EMAIL;
Comment thread
devpathindcommunity-india marked this conversation as resolved.

export default function SuperAdminLogin() {
const { user } = useAuth();
Expand Down Expand Up @@ -49,10 +48,12 @@ export default function SuperAdminLogin() {

sessionStorage.setItem('admin_session_key', key.trim());

// 2. Authenticate with Firebase Auth
// This is required for Firestore Rules to allow writes
// 2. Verify Authentication Context
// User must already be authenticated from the main site to perform actions
if (!auth.currentUser || auth.currentUser.email !== SUPER_ADMIN_EMAIL) {
await signInWithEmailAndPassword(auth, SUPER_ADMIN_EMAIL, SUPER_ADMIN_PASSWORD);
setError("You must be logged in with the Super Admin account first.");
setLoading(false);
return;
}

setIsAuthenticated(true);
Expand All @@ -65,7 +66,20 @@ export default function SuperAdminLogin() {
}
};

if (user && user.email !== SUPER_ADMIN_EMAIL) {
if (!user) {
return (
<div className="min-h-screen bg-black flex flex-col items-center justify-center p-4">
<Shield size={48} className="text-red-500 mb-4" />
<h1 className="text-2xl font-bold text-white mb-2">Restricted Access</h1>
<p className="text-zinc-400 mb-6 text-center max-w-sm">You must be logged in with a Super Admin account to access this page.</p>
<button onClick={() => router.push('/')} className="px-6 py-2 bg-red-600 text-white rounded-lg hover:bg-red-700 transition">
Go to Login
</button>
</div>
);
}

if (user.email !== SUPER_ADMIN_EMAIL) {
return <div className="min-h-screen flex items-center justify-center">Unauthorized</div>;
}

Expand Down
3 changes: 1 addition & 2 deletions src/components/admin/AdminDashboard.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,7 @@ import { db } from '@/lib/firebase';
import Image from 'next/image';
import { calculateUserPointsAndBadges } from '@/lib/point-calculation';

const SUPER_ADMIN_EMAIL = "devpathind.community@gmail.com";
const SUPER_ADMIN_PASSWORD = "Aditya@2006@#";
const SUPER_ADMIN_EMAIL = process.env.NEXT_PUBLIC_SUPER_ADMIN_EMAIL;
Comment thread
devpathindcommunity-india marked this conversation as resolved.

interface AdminDashboardProps {
initialAuth?: boolean;
Expand Down