add forbid remote admin login

src/login.ts

@@ -15,7 +15,7 @@ export const getAdminCookieValue = ()=>{
     const secretKey = setting.jwt_secretkey;
     return sign({
         username: "admin",
-        permission: []
+        permission: [],
     },secretKey,{expiresIn:'3d'});
 }
 
@@ -35,6 +35,10 @@ export const createLoginMiddleware = (knex: Knex)=>{
             sendError(400,"invalid form : username or password is not string")
             return;
         }
+        if(setting.forbid_remote_admin_login && username === "admin"){
+            sendError(403,"forbid remote admin login");
+            return;
+        }
         const user = await userController.findUser(username);
         if(user === undefined){
             sendError(401,"not authorized");

src/setting.ts

@@ -3,22 +3,39 @@ import { randomBytes } from 'crypto';
 import { existsSync, readFileSync, writeFileSync } from 'fs';
 
 export type Setting = {
-    path: string[],
+    /**
+     * if true, server will bind on '127.0.0.1' rather than '0.0.0.0'
+     */
     localmode: boolean,
+    
     guest: boolean,
+    /**
+     * JWT secret key. if you change its value, all access tokens are invalidated.
+     */
     jwt_secretkey: string,
+    /**
+     * the port which running server is binding on.
+     */
     port:number,
+
     mode:"development"|"production",
+    /**
+     * if true, do not show 'electron' window and show terminal only.
+     */
     cli:boolean,
+    /** forbid to login admin from remote client. but, it do not invalidate access token. 
+     * if you want to invalidate access token, change 'jwt_secretkey'.*/
+    forbid_remote_admin_login:boolean,
 }
 const default_setting:Setting = {
-    path:[],
+
     localmode: true,
     guest:false,
     jwt_secretkey:"itsRandom",
     port:8080,
     mode:"production",
-    cli:false
+    cli:false,
+    forbid_remote_admin_login:true,
 }
 let setting: null|Setting = null;