fix: handle unreadable admins.json in Docker and exclude from image

Use fs.accessSync to check read permissions before reading the config file. If the file exists but isn't readable, log a warning and fall through to the ADMIN_KEY fallback. Also add config/admins.json to backend/.dockerignore to prevent it from being copied into the image. Made-with: Cursor
2026-04-05 01:17:22 -04:00
parent 0a59da8ee9
commit 52e9a7af42
2 changed files with 27 additions and 1 deletions
--- a/backend/.dockerignore
+++ b/backend/.dockerignore
@@ -0,0 +1,13 @@
+node_modules
+npm-debug.log
+.env
+.env.local
+*.db
+*.sqlite
+*.sqlite3
+data/
+.git
+.gitignore
+README.md
+config/admins.json
+
--- a/backend/config/load-admins.js
+++ b/backend/config/load-admins.js
@@ -3,10 +3,19 @@ const path = require('path');

 const DEFAULT_CONFIG_PATH = path.join(__dirname, 'admins.json');

+function canRead(filePath) {
+  try {
+    fs.accessSync(filePath, fs.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 function loadAdmins() {
  const configPath = process.env.ADMIN_CONFIG_PATH || DEFAULT_CONFIG_PATH;

-  if (fs.existsSync(configPath)) {
+  if (canRead(configPath)) {
    const raw = fs.readFileSync(configPath, 'utf-8');
    const admins = JSON.parse(raw);

@@ -35,6 +44,10 @@ function loadAdmins() {
    return admins;
  }

+  if (fs.existsSync(configPath) && !canRead(configPath)) {
+    console.warn(`[Auth] Config file exists at ${configPath} but is not readable, skipping`);
+  }
+
  if (process.env.ADMIN_KEY) {
    console.log('[Auth] No admins config file found, falling back to ADMIN_KEY env var');
    return [{ name: 'Admin', key: process.env.ADMIN_KEY }];