feat: implement admin authentication overlay and API integration for secure access to voice and media controls

frontend/src/App.tsx

@@ -5,6 +5,7 @@ import { MessagesPanel } from "./components/messages/MessagesPanel";
 import { ReviewPanel } from "./components/review/ReviewPanel";
 import { Tabs, TabsContent } from "./components/ui/tabs";
 import { VoicePanel } from "./components/voice/VoicePanel";
+import { AuthOverlay } from "./components/layout/AuthOverlay";
 import { useDashboardSocket } from "./hooks/useDashboardSocket";
 import { mergeMessages, useMessages } from "./hooks/useMessages";
 import { useMediaControl } from "./hooks/useMediaControl";
@@ -26,6 +27,7 @@ export default function App() {
   const [levels, setLevels] = useState<number[]>(Array.from({ length: 32 }, () => 0.04));
   const [isListening, setIsListening] = useState(false);
   const [isStreaming, setIsStreaming] = useState(false);
+  const [isAuthenticated, setIsAuthenticated] = useState(!!localStorage.getItem("admin-password"));
   const audioContextListenRef = useRef<AudioContext | null>(null);
   const audioContextTransmitRef = useRef<AudioContext | null>(null);
   const streamRef = useRef<MediaStream | null>(null);
@@ -198,6 +200,9 @@ export default function App() {
       </div>
       <Tabs value={activeTab} onValueChange={(value) => patchUIState({ activeTab: value as DashboardTab })}>
         <TabsContent value="voice">
+          {!isAuthenticated ? (
+            <AuthOverlay onAuthenticated={() => setIsAuthenticated(true)} />
+          ) : (
             <VoicePanel
               guilds={voice.guilds}
               channels={voice.voiceChannels}
@@ -216,8 +221,12 @@ export default function App() {
               onListenToggle={toggleListening}
               onStreamingToggle={toggleStreaming}
             />
+          )}
         </TabsContent>
         <TabsContent value="media">
+          {!isAuthenticated ? (
+            <AuthOverlay onAuthenticated={() => setIsAuthenticated(true)} />
+          ) : (
             <MediaPanel
               state={media.mediaState}
               loading={media.loading}
@@ -226,6 +235,7 @@ export default function App() {
               onSkip={media.skip}
               onStop={media.stop}
             />
+          )}
         </TabsContent>
         <TabsContent value="messages">
           <MessagesPanel

frontend/src/api/auth.ts

@@ -0,0 +1,8 @@
+import { request } from "./client";
+
+export async function login(password: string): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>('/api/auth/login', {
+    method: 'POST',
+    body: JSON.stringify({ password }),
+  });
+}

frontend/src/api/client.ts

@@ -50,8 +50,12 @@ class ApiError extends Error {
 }
 
 export async function request<T>(path: string, init?: RequestInit): Promise<T> {
+  const password = localStorage.getItem("admin-password");
   const res = await fetch(path, {
-    headers: { "Content-Type": "application/json" },
+    headers: {
+      "Content-Type": "application/json",
+      ...(password ? { "X-Admin-Password": password } : {}),
+    },
     ...init,
   });
 

frontend/src/components/layout/AuthOverlay.tsx

@@ -0,0 +1,62 @@
+import { useState } from "react";
+import { login } from "../../api/auth";
+import { Button } from "../ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "../ui/card";
+import { Input } from "../ui/input";
+import { Lock } from "lucide-react";
+
+interface AuthOverlayProps {
+  onAuthenticated: () => void;
+}
+
+export function AuthOverlay({ onAuthenticated }: AuthOverlayProps) {
+  const [password, setPassword] = useState("");
+  const [error, setError] = useState<string | null>(null);
+  const [loading, setLoading] = useState(false);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setLoading(true);
+    setError(null);
+    try {
+      await login(password);
+      localStorage.setItem("admin-password", password);
+      onAuthenticated();
+    } catch (err) {
+      setError("Invalid password");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="flex items-center justify-center p-4">
+      <Card className="w-full max-w-md">
+        <CardHeader className="text-center">
+          <div className="mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-full bg-primary/10 text-primary">
+            <Lock className="h-6 w-6" />
+          </div>
+          <CardTitle>Admin Access Required</CardTitle>
+          <CardDescription>Enter the admin password to access Voice and Media controls.</CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form onSubmit={handleSubmit} className="space-y-4">
+            <div className="space-y-2">
+              <Input
+                type="password"
+                placeholder="Enter password"
+                value={password}
+                onChange={(e) => setPassword(e.target.value)}
+                autoFocus
+              />
+              {error && <p className="text-xs text-destructive">{error}</p>}
+            </div>
+            <Button type="submit" className="w-full" disabled={loading || !password}>
+              {loading ? "Authenticating..." : "Unlock Controls"}
+            </Button>
+          </form>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}

src/config.ts

@@ -76,6 +76,7 @@ const configSchema = z
     POSTGRES_DB: z.string().optional(),
     POSTGRES_POOL_MIN: z.coerce.number().int().positive().default(2),
     POSTGRES_POOL_MAX: z.coerce.number().int().positive().default(10),
+    ADMIN_PASSWORD: z.string().default("admin123"),
   })
   .superRefine((value, ctx) => {
     if (!value.AI_ANALYSIS_ENABLED) {

src/webserver.ts

@@ -5,6 +5,7 @@ import { fileURLToPath } from "node:url";
 import { Streamer } from "@dank074/discord-video-stream";
 import { AudioPlayerStatus } from "@discordjs/voice";
 import type { Client } from "discord.js-selfbot-v13";
+import { config } from "./config";
 import express, {
   type NextFunction,
   type Request,
@@ -257,6 +258,25 @@ export async function startWebserver(
     res.send(await getMetrics());
   });
 
+  // Simple password-based auth
+  app.post("/api/auth/login", (req: Request, res: Response) => {
+    const { password } = req.body;
+    if (password === config.ADMIN_PASSWORD) {
+      res.json({ ok: true });
+    } else {
+      res.status(401).json({ error: "Invalid password" });
+    }
+  });
+
+  const adminAuth = (req: Request, res: Response, next: NextFunction) => {
+    const authHeader = req.headers["x-admin-password"];
+    if (authHeader === config.ADMIN_PASSWORD) {
+      next();
+    } else {
+      res.status(401).json({ error: "Unauthorized access to admin features" });
+    }
+  };
+
   // Register route modules
   app.use(
     "/api",
@@ -264,6 +284,7 @@ export async function startWebserver(
   );
   app.use(
     "/api",
+    adminAuth,
     createVoiceRoutes({
       voiceController,
       patchSharedUIState,
@@ -273,7 +294,7 @@ export async function startWebserver(
   app.use("/api", createMessageRoutes());
   app.use("/api", createAnalysisRoutes());
   app.use("/api", createSyncRoutes(_client));
-  app.use("/api", createMediaRoutes(mediaController));
+  app.use("/api", adminAuth, createMediaRoutes(mediaController));
 
   // Inbound: Discord PCM → tagged chunks → browser
   (globalThis as VoiceGlobals).broadcastPcmToWeb = (