10 changes: 1 addition & 9 deletions src/App.tsx
Expand Up @@ -45,16 +45,8 @@ function App() {
<Route path="/my-page" element={<MyPage />} />
<Route path="/chat" element={<ChatPage />} />
<Route path="/chat-apply" element={<ChatApplyPage />} />
<Route path="/admin" element={<Admin />} />
Contributor comment (labelled security-critical, critical):
Moving the /admin route inside ProtectedLayout dropped the logic that checks for the ADMIN role. As a result, anyone who is merely authenticated can access the admin page, which is a serious security vulnerability. The admin page should be wrapped once more in ProtectedRoute so that only users with the ADMIN role can access it.

            <Route
              path="/admin"
              element={
                <ProtectedRoute requiredRole={'ADMIN'}>
                  <Admin />
                </ProtectedRoute>
              }
            />

</Route>

<Route
path="/admin"
element={
<ProtectedRoute requiredRole={'ADMIN'}>
<Admin />
</ProtectedRoute>
}
/>
<Route path="*" element={<NotFound />} />
</Routes>
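Review bot: the `/admin` route added inside the ProtectedLayout group (`<Route path="/admin" element={<Admin />} />`) loses the `requiredRole={'ADMIN'}` guard that the deleted top-level route carried, so every authenticated user now reaches `<Admin />`. If the route is meant to live under ProtectedLayout, keep the role check on it, e.g. `element={<ProtectedRoute requiredRole={'ADMIN'}><Admin /></ProtectedRoute>}`, and add a test that a non-ADMIN session rendering `/admin` is rejected. ProtectedRoute is a client-side guard only; whatever admin API the page calls must enforce the ADMIN role server-side as well, since a browser route guard is trivially bypassed.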
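To make the regression concrete, here is an added, dependency-free TypeScript model of nested route guards in the style of the react-router tree above. It is example code written for this review, not code from the PR or the repository; the names `RouteNode`, `Session`, `resolveAccess`, and the two route tables (`routesAfterPR`, the tree as the PR leaves it; `routesFixed`, the tree with the `requiredRole` wrapper restored) are assumptions. Each guard on the path from the root to the matched route must pass, which is how nested `<Route element={<Guard/>}>` wrappers behave.

```typescript
// Added example (not the project's code): models how nested route guards
// compose, and shows that an /admin route under an auth-only layout with no
// requiredRole is reachable by any logged-in user.

type Role = 'USER' | 'ADMIN';

interface Session {
  authenticated: boolean;
  roles: Role[];
}

// One node of the route tree. A layout-only wrapper has no path.
interface RouteNode {
  path?: string;
  requireAuth?: boolean;   // ProtectedLayout: caller must be logged in
  requiredRole?: Role;     // ProtectedRoute requiredRole={...}
  children?: RouteNode[];
}

type Decision = 'allow' | 'redirect-login' | 'forbidden' | 'not-found';

// Evaluate a single node's guards; null means "this node lets the request through".
function checkGuards(node: RouteNode, session: Session): Decision | null {
  if ((node.requireAuth || node.requiredRole) && !session.authenticated) {
    return 'redirect-login';
  }
  if (node.requiredRole && !session.roles.includes(node.requiredRole)) {
    return 'forbidden';
  }
  return null;
}

// Walk the tree depth-first. The outermost failing guard decides, exactly as the
// outermost wrapper element renders first in a nested react-router tree.
function resolveAccess(routes: RouteNode[], path: string, session: Session): Decision {
  const visit = (nodes: RouteNode[]): Decision | null => {
    for (const node of nodes) {
      const guard = checkGuards(node, session);
      if (node.path === path) return guard ?? 'allow';
      if (node.children) {
        const inner = visit(node.children);
        if (inner !== null) return guard ?? inner;
      }
    }
    return null;
  };
  return visit(routes) ?? 'not-found';
}

// Tree as the PR leaves it: /admin sits under the auth-only layout, no role check.
const routesAfterPR: RouteNode[] = [
  {
    requireAuth: true, // ProtectedLayout
    children: [
      { path: '/my-page' },
      { path: '/chat' },
      { path: '/chat-apply' },
      { path: '/admin' },  // the added line: no requiredRole
    ],
  },
];

// Tree with the role guard restored on /admin (the reviewer's suggestion).
const routesFixed: RouteNode[] = [
  {
    requireAuth: true,
    children: [
      { path: '/my-page' },
      { path: '/chat' },
      { path: '/chat-apply' },
      { path: '/admin', requiredRole: 'ADMIN' },
    ],
  },
];

// Constructed sample sessions (assumptions for this example).
const anonymous: Session = { authenticated: false, roles: [] };
const plainUser: Session = { authenticated: true, roles: ['USER'] };
const adminUser: Session = { authenticated: true, roles: ['USER', 'ADMIN'] };

console.log('after PR, USER ->', resolveAccess(routesAfterPR, '/admin', plainUser));
console.log('fixed,    USER ->', resolveAccess(routesFixed, '/admin', plainUser));
console.log('fixed,    ADMIN ->', resolveAccess(routesFixed, '/admin', adminUser));
```

The first call returns `'allow'` for a plain authenticated user, which is the bug the comment describes; the fixed tree returns `'forbidden'` for that user and `'allow'` only for a session carrying the ADMIN role. The model is deliberately client-side: a real deployment still needs the same role check on the admin API.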
