kennethnym/aris
1
0
Fork 0
mirror of https://github.com/kennethnym/aris.git synced 2026-03-24 02:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
464cbe4fa30aa5deba3a857a34cfe8a05a8e104a
aris/apps/aelis-backend/src/auth/admin-middleware.ts

29 lines
824 B
TypeScript
Raw Normal View History

feat(backend): add admin API with provider config endpoint (#83) * feat(backend): add admin API with provider config endpoint Add /api/admin/* route group with admin role middleware and a PUT /api/admin/:sourceId/config endpoint for updating feed source provider config at runtime. Currently supports aelis.weather. Co-authored-by: Ona <no-reply@ona.com> * test: remove weak active session test Co-authored-by: Ona <no-reply@ona.com> --------- Co-authored-by: Ona <no-reply@ona.com>
2026-03-21 19:01:43 +00:00
import type { Context, MiddlewareHandler, Next } from "hono"
import type { Auth } from "./index.ts"
import type { AuthSessionEnv } from "./session-middleware.ts"
export type AdminMiddleware = MiddlewareHandler<AuthSessionEnv>
/**
* Creates a middleware that requires a valid session with admin role.
* Returns 401 if not authenticated, 403 if not admin.
*/
export function createRequireAdmin(auth: Auth): AdminMiddleware {
return async (c: Context, next: Next): Promise<Response | void> => {
const session = await auth.api.getSession({ headers: c.req.raw.headers })
if (!session) {
return c.json({ error: "Unauthorized" }, 401)
}
if (session.user.role !== "admin") {
return c.json({ error: "Forbidden" }, 403)
}
c.set("user", session.user)
c.set("session", session.session)
await next()
}
}
Reference in New Issue Copy Permalink