8f2ef2cc98
MDM-VPN-Pivot (Phase F.2 done): - ops/mdm/profiles/rebreak-iphone-protection.mobileconfig auf v5 mit com.apple.vpn.managed Payload + OnDemandUserOverrideDisabled. iPhone-User kann ReBreak-VPN-Profile nicht entfernen und "Bedarf verbinden"-Toggle ist disabled. allowEnablingRestrictions empirisch widerlegt für FC-Toggle- Lock — out. - DEV-removable Variante als Test-Profile dazu. - Bootstrap-Tool (rebreak-supervise.sh) + Supervision-Identity-Setup-Doc. - PHASES.md updated mit empirischen Befunden. App-side MDM-Detect (Pfad-a Banner-Logic): - modules/rebreak-protection: getDeviceState() returnt mdmManaged via Heuristik NETunnelProviderManager.count > 1 (App selbst kann nur einen eigenen erstellen, MDM-Push fügt einen zweiten hinzu). - DeviceLayers.mdmManaged?: boolean Type. - blocker.tsx: lockedIn-Bedingung erweitert um mdmManaged. Bei MDM-managed iPhones wird der App-Lock-Card (FC-Authorization-Toggle UI) ausgeblendet weil der per-App FC-Toggle nicht lockbar ist und durch den MDM-VPN-Layer redundant. Layer-2-Country-Curated-Pivot: - backend: vip-swap.post.ts raus, suggest.post.ts rein. Curated-domains durch admin (separate Tabelle/Pfad), getrennt von User-Custom-Domains. - Admin-APIs für curated-domain Pflege (index.get + [id].patch). - seed-country-blocklists Script für initiale Curated-Domain-Liste. - protection/webcontent-domains.get refactored für Country-Curated-Pfad. - Migration drop_vip_swap_fields.sql + schema.prisma adjusted. - docs/concepts/layer2-country-pivot.md mit Architektur + Decision-Trail. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
37 lines
1.2 KiB
TypeScript
37 lines
1.2 KiB
TypeScript
import { getCuratedDomains, type CuratedDomainStatus } from "../../../db/curatedDomains";
|
|
|
|
/**
|
|
* GET /api/admin/curated-domains?status=suggested&country=DE
|
|
*
|
|
* Admin-Inbox für User-vorgeschlagene Country-Curated-Domains.
|
|
* Query-Params:
|
|
* status — "suggested" | "approved" | "rejected" (optional, default: alle)
|
|
* country — Ländercode filtern (optional)
|
|
*/
|
|
export default defineEventHandler(async (event) => {
|
|
const config = useRuntimeConfig();
|
|
const adminSecret = getHeader(event, "x-admin-secret");
|
|
if (adminSecret !== config.adminSecret) {
|
|
throw createError({ statusCode: 401, message: "Unauthorized" });
|
|
}
|
|
|
|
const query = getQuery(event);
|
|
const status = query.status as CuratedDomainStatus | undefined;
|
|
const country = query.country as string | undefined;
|
|
|
|
const validStatuses: CuratedDomainStatus[] = ["suggested", "approved", "rejected"];
|
|
if (status && !validStatuses.includes(status)) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
data: { error: "INVALID_STATUS", valid: validStatuses },
|
|
});
|
|
}
|
|
|
|
const rows = await getCuratedDomains({
|
|
...(status ? { status } : {}),
|
|
...(country ? { country: country.toUpperCase() } : {}),
|
|
});
|
|
|
|
return { items: rows, total: rows.length };
|
|
});
|