* Admin dashboard routes. * * All routes under /admin require the requesting user to have isAdmin = true. * The caller (pty-server.ts) is responsible for applying the auth middleware * before mounting this router.
(req: Request, res: Response, next: () => void)
| 15 | */ |
| 16 | |
| 17 | function requireAdmin(req: Request, res: Response, next: () => void): void { |
| 18 | const user = (req as AuthenticatedRequest).user; |
| 19 | if (!user?.isAdmin) { |
| 20 | res.status(403).json({ error: "Forbidden" }); |
| 21 | return; |
| 22 | } |
| 23 | next(); |
| 24 | } |
| 25 | |
| 26 | export function createAdminRouter( |
| 27 | sessionManager: SessionManager, |