Authentication
The admin panel is protected by role-based authentication. Only users with the ADMIN role can access it.
Login Methods
Email/Password
- Navigate to the admin panel URL
- Enter your admin email and password
- The system verifies your credentials AND checks for ADMIN role
- If authenticated with correct role, you’re redirected to the dashboard
Wallet Connection (Future)
- UI placeholders exist for MetaMask/WalletConnect login
- Same SIWE flow as the main platform
- Backend integration pending
Social Login (Future)
- Google/Apple OAuth buttons visible but deferred
- Will require ADMIN role verification after OAuth
Access Control
The AdminGuard component protects all admin routes:
- Valid admin token → access granted
- Valid non-admin token → “Admin access required” rejection screen
- No token/expired → redirected to login page
Session Management
- JWT tokens are stored in localStorage
- Proactive token refresh — tokens refresh 30 seconds before expiry
- 401 retry — failed requests automatically retry with a fresh token
- Concurrent refresh dedup — multiple simultaneous refresh calls are deduplicated
- Logout — clears all stored tokens and redirects to login
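The refresh behaviour listed above, sketched as an added example (not the project's own code): refresh when the token is within 30 seconds of expiry, share one in-flight refresh between concurrent callers, and retry a 401 exactly once. The names `createSession`, `refresh`, `send`, `sampleToken` and the `"token"` storage key are assumptions for illustration.

```javascript
// Added example: names (createSession, refresh, send, "token") are hypothetical.
const REFRESH_SKEW_MS = 30_000; // refresh 30 seconds before expiry

// Read `exp` from the JWT payload for scheduling only. This does not verify
// the token; signature and role checks stay on the server.
function jwtExpiryMs(token) {
  const b64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64)).exp * 1000;
}

// Constructed, unsigned sample token for running the example offline.
function sampleToken(expSeconds) {
  const body = btoa(JSON.stringify({ exp: expSeconds })).replace(/=+$/, "");
  return `e30.${body}.sig`;
}

function createSession({ storage, refresh, send, now = Date.now }) {
  let inflight = null; // promise shared by every caller while a refresh runs

  function refreshOnce() {
    if (!inflight) {
      inflight = Promise.resolve()
        .then(refresh)
        .then((token) => { storage.setItem("token", token); return token; })
        .finally(() => { inflight = null; });
    }
    return inflight;
  }

  async function currentToken() {
    const token = storage.getItem("token");
    const fresh = token && jwtExpiryMs(token) - now() > REFRESH_SKEW_MS;
    return fresh ? token : refreshOnce();
  }

  async function request(path) {
    let res = await send(path, await currentToken());
    // One retry only, so a token the server keeps rejecting cannot loop.
    if (res.status === 401) res = await send(path, await refreshOnce());
    return res;
  }

  function logout() { storage.removeItem("token"); }

  return { request, currentToken, logout };
}
```

Passing the browser's `localStorage` as `storage` matches the setup described here; anything kept there is readable by any script running on the admin origin, which is why the server-side role check remains the actual control.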
Security Notes
- Admin credentials should be strong and unique
- Sessions auto-expire after token lifetime
- All API communication uses HTTPS
- Role verification happens server-side — client-side guards are a UX layer only