v1.0.9-beta.024 - fix: resolve 403 Forbidden errors during initial setup wizard
The recent Global Admin API Protection update to the middleware strictly locked down all /api/admin/* routes, which unintentionally blocked the unauthenticated requests made during the initial setup wizard.
- Modified src/middleware.ts to whitelist /api/admin/test, /api/admin/prowlarr/indexers, /api/admin/config, and /api/admin/restore as public routes.
- Shifted the ADMIN role authorization checks directly into the est, indexers, and
estore API route handlers. These checks now conditionally bypass enforcement if the setup_complete database flag is false, allowing the setup wizard to function. - Fixed a variable scoping issue in src/app/api/admin/restore/route.ts where the session variable was inaccessible to the AuditLogger at the end of the function, and added a fallback to log as 'System' during the initial setup phase.