steunix · steunix · Aug 5, 2025 · Aug 5, 2025
diff --git a/api/v1/controllers/login.mjs b/api/v1/controllers/login.mjs
@@ -119,7 +119,7 @@ export async function login (req, res, next) {
   if (!await Auth.isAdmin(user.id)) {
     const settings = await Settings.get(Const.PW_USER_ADMINID)
     for (const setting of settings) {
-      if (setting.setting === 'systemlock' && setting.value === '1') {
+      if (setting.setting === Const.SYSTEM_LOCK && setting.value === '1') {
         res.status(R.UNAUTHORIZED).send(R.ko('System is locked, retry later'))
         return
       }

diff --git a/api/v1/controllers/util.mjs b/api/v1/controllers/util.mjs
@@ -102,7 +102,7 @@ export async function systemLock (req, res, next) {
     return
   }
 
-  await Settings.set(Const.PW_USER_ADMINID, 'systemlock', '1')
+  await Settings.set(Const.PW_USER_ADMINID, Const.SYSTEM_LOCK, '1')
   Config.generateJWTKey()
 
   res.send(R.ok())
@@ -121,7 +121,7 @@ export async function systemUnlock (req, res, next) {
     return
   }
 
-  await Settings.set(Const.PW_USER_ADMINID, 'systemlock', '0')
+  await Settings.set(Const.PW_USER_ADMINID, Const.SYSTEM_LOCK, '0')
 
   res.send(R.ok())
 }
@@ -139,7 +139,7 @@ export async function systemReadOnly (req, res, next) {
     return
   }
 
-  await Cache.set(Const.PW_USER_ADMINID, 'readonly', true)
+  await Cache.set(Const.PW_USER_ADMINID, Const.SYSTEM_READONLY, true)
 
   res.send(R.ok())
 }
@@ -157,7 +157,7 @@ export async function systemReadWrite (req, res, next) {
     return
   }
 
-  await Cache.set(Const.PW_USER_ADMINID, 'readonly', false)
+  await Cache.set(Const.PW_USER_ADMINID, Const.SYSTEM_READONLY, false)
 
   res.send(R.ok())
 }
@@ -169,7 +169,7 @@ export async function systemReadWrite (req, res, next) {
  * @param {Object} next Express next
  */
 export async function systemGetReadOnly (req, res, next) {
-  const readonly = await Cache.get(Const.PW_USER_ADMINID, 'readonly')
+  const readonly = await Cache.get(Const.PW_USER_ADMINID, Const.SYSTEM_READONLY)
   res.send(R.ok({ readonly }))
 }
 
@@ -180,9 +180,9 @@ export async function systemGetReadOnly (req, res, next) {
  * @param {Object} next Express next
  */
 export async function systemGetLock (req, res, next) {
-  const settings = await Settings.get(Const.PW_USER_ADMINID, 'systemlock')
+  const settings = await Settings.get(Const.PW_USER_ADMINID, Const.SYSTEM_LOCK)
   for (const setting of settings) {
-    if (setting.setting === 'systemlock') {
+    if (setting.setting === Const.SYSTEM_LOCK) {
       res.send(R.ok({ locked: setting.value === '1' }))
       return
     }

diff --git a/lib/auth.mjs b/lib/auth.mjs
@@ -145,5 +145,5 @@ export function validatePersonalToken (personaltoken) {
  * Return read only mode from cache
  */
 export function isReadOnly () {
-  return Cache.get(Const.PW_USER_ADMINID, 'readonly')
+  return Cache.get(Const.PW_USER_ADMINID, Const.SYSTEM_READONLY)
 }
diff --git a/lib/const.mjs b/lib/const.mjs
@@ -107,6 +107,9 @@ export const KMS_TYPE_NODEK = 0
 export const KMS_TYPE_LOCALFILE = 1
 export const KMS_TYPE_GOOGLECLOUD = 2
 
+export const SYSTEM_LOCK = 'systemlock'
+export const SYSTEM_READONLY = 'readonly'
+
 export const METRICS_LOGIN_USERS = 'login_users_total'
 export const METRICS_LOGIN_APIKEYS = 'login_apikeys_total'
 export const METRICS_ITEMS_READ = 'items_read_total'

diff --git a/passweaver-api.mjs b/passweaver-api.mjs
@@ -49,7 +49,7 @@ const cfg = Config.get()
 await Cache.init()
 
 // Set readonly flag in cache
-Cache.set(Const.PW_USER_ADMINID, 'readonly', Config.get().readonly)
+Cache.set(Const.PW_USER_ADMINID, Const.SYSTEM_READONLY, Config.get().readonly)
 
 // Rate limiter
 app.use(rateLimitMiddleware)