use boot-key query parameter, tighten url match, put randomness in suggestions

app/client/ui/AdminPanel.ts

@@ -98,14 +98,15 @@ export class AdminPanel extends Disposable {
    * which could include a legit adminstrator if auth is misconfigured.
    */
   private _buildMainContentForOthers(owner: MultiHolder) {
+    const exampleKey = 'example-' + window.crypto.randomUUID();
     return dom.create(AdminSection, t('Administrator Panel Unavailable'), [
       dom('p', t(`You do not have access to the administrator panel.
 Please log in as an administrator.`)),
       dom(
         'p',
         t(`Or, as a fallback, you can set: {{bootKey}} in the environment and visit: {{url}}`, {
-          bootKey: dom('pre', 'GRIST_BOOT_KEY=secret'),
-          url: dom('pre', `/admin?key=secret`)
+          bootKey: dom('pre', `GRIST_BOOT_KEY=${exampleKey}`),
+          url: dom('pre', `/admin?boot-key=${exampleKey}`)
         }),
       ),
     ]);

app/common/BaseAPI.ts

@@ -66,9 +66,9 @@ export class BaseAPI {
     // This is a fallback mechanism if auth is broken to access the
     // admin panel.
     // TODO: should this be more selective?
-    if (typeof window !== 'undefined' && window.location) {
-      const url = new URL(window.location.href);
-      const bootKey = url.searchParams.get('boot');
+    if (typeof window !== 'undefined' && window.location &&
+        window.location.pathname.endsWith('/admin')) {
+      const bootKey = new URLSearchParams(window.location.search).get('boot-key')
       if (bootKey) {
         this._headers['X-Boot-Key'] = bootKey;
       }

app/server/lib/FlexServer.ts

@@ -560,7 +560,7 @@ export class FlexServer implements GristServer {
     this.app.get('/boot(/(:bootKey/?)?)?$', async (req, res) => {
       // Doing a good redirect is actually pretty subtle and we might
       // get it wrong, so just say /boot got moved.
-      res.send('The /boot/key page is now /admin?boot=key');
+      res.send('The /boot/KEY page is now /admin?boot-key=KEY');
     });
   }