 * Returns the admin user if authorized, or a NextResponse error if not
 */
export async function checkAdminAuth(): Promise<
  utils.AdminUser | NextResponse
> {
  const session = await getServerSession(authOptions)

  // The admin decision lives in the shared utility so every admin route agrees
  const adminUser = await utils.checkSessionIsAdmin(session)
  if (adminUser) {
    return adminUser
  }

  // A denied caller is only logged when a signed-in user id is available;
  // requests with no session fall through to the 403 below without a log entry.
  const userId = session?.user?.id
  if (userId) {
    logger.warn({ userId }, 'Unauthorized access attempt to admin endpoint')
  }

  // Unauthenticated and authenticated-but-not-admin callers get the same response
  return NextResponse.json(
    { error: 'Forbidden - not an admin' },
    { status: 403 },
  )
}
| 34 | |
/**
 * Higher-order function to wrap admin API routes with authentication