fixes

pkg/app/app.go

@@ -249,7 +249,7 @@ func (a *App) setupServer() error {
 	a.app.Get("/api/info", a.handleInfo)
 
 	// Admin endpoints (bypass management)
-	a.app.All("/api/admin/bypasses/:id?", a.handleAdminBypasses)
+	a.app.All("/api/admin/bypasses/:id?", a.requireAdmin, a.handleAdminBypasses)
 
 	// Proxy handlers (adapted from net/http)
 	// Load git credentials if configured

pkg/app/handlers_admin.go

@@ -110,13 +110,13 @@ func (a *App) handleListBypasses(c *fiber.Ctx) error {
 
 // CreateBypassRequest represents the request body for creating a bypass
 type CreateBypassRequest struct {
-	Type           metadata.BypassType `json:"type"`                     // "cve" or "package"
-	Target         string              `json:"target"`                   // CVE ID or package name
-	Reason         string              `json:"reason"`                   // Why this bypass is needed
-	CreatedBy      string              `json:"created_by"`               // Admin username
-	ExpiresInHours int                 `json:"expires_in_hours"`         // How many hours until expiration
-	AppliesTo      string              `json:"applies_to,omitempty"`     // Optional: limit CVE bypass to specific package
-	NotifyOnExpiry bool                `json:"notify_on_expiry"`         // Send notification when expired
+	Type           metadata.BypassType `json:"type"`                 // "cve" or "package"
+	Target         string              `json:"target"`               // CVE ID or package name
+	Reason         string              `json:"reason"`               // Why this bypass is needed
+	CreatedBy      string              `json:"created_by"`           // Admin username
+	ExpiresInHours int                 `json:"expires_in_hours"`     // How many hours until expiration
+	AppliesTo      string              `json:"applies_to,omitempty"` // Optional: limit CVE bypass to specific package
+	NotifyOnExpiry bool                `json:"notify_on_expiry"`     // Send notification when expired
 }
 
 // handleCreateBypass creates a new CVE bypass