feat(backend): add admin API with provider config endpoint (#83)

* feat(backend): add admin API with provider config endpoint Add /api/admin/* route group with admin role middleware and a PUT /api/admin/:sourceId/config endpoint for updating feed source provider config at runtime. Currently supports aelis.weather. Co-authored-by: Ona <no-reply@ona.com> * test: remove weak active session test Co-authored-by: Ona <no-reply@ona.com> --------- Co-authored-by: Ona <no-reply@ona.com>
2026-03-23 02:21:17 +00:00 · 2026-03-21 19:01:43 +00:00
parent 0095d9cd72
commit 7862a6d367
6 changed files with 381 additions and 0 deletions
--- a/apps/aelis-backend/src/auth/admin-middleware.ts
+++ b/apps/aelis-backend/src/auth/admin-middleware.ts
@@ -0,0 +1,28 @@
+import type { Context, MiddlewareHandler, Next } from "hono"
+
+import type { Auth } from "./index.ts"
+import type { AuthSessionEnv } from "./session-middleware.ts"
+
+export type AdminMiddleware = MiddlewareHandler<AuthSessionEnv>
+
+/**
+ * Creates a middleware that requires a valid session with admin role.
+ * Returns 401 if not authenticated, 403 if not admin.
+ */
+export function createRequireAdmin(auth: Auth): AdminMiddleware {
+	return async (c: Context, next: Next): Promise<Response | void> => {
+		const session = await auth.api.getSession({ headers: c.req.raw.headers })
+
+		if (!session) {
+			return c.json({ error: "Unauthorized" }, 401)
+		}
+
+		if (session.user.role !== "admin") {
+			return c.json({ error: "Forbidden" }, 403)
+		}
+
+		c.set("user", session.user)
+		c.set("session", session.session)
+		await next()
+	}
+}