rebreak-monorepo

chahine/rebreak-monorepo

Fork 0

Commit Graph

Author	SHA1	Message	Date
chahinebrini	e12da5385c	feat(admin): Phase 3 — requireAdmin middleware + verify-admin endpoint Backend-side admin-auth. Admin-App (apps/admin/) braucht das damit useAdminAuth.verifyAdminRole() nach Login server-side prüfen kann ob User in admin_users-tabelle steht. New schema: - model AdminUser → table rebreak.admin_users (user_id UUID PK FK Profile.id, created_at, added_by). Migration 20260508_admin_users/migration.sql. - ⚠️ SCHEMA-MIGRATION — NICHT autopushen. User entscheidet wann pipeline triggert. New backend code: - backend/server/db/admin.ts: isAdminUser(userId) → boolean - backend/server/utils/auth.ts: requireAdmin(event) wraps requireUser + isAdminUser-check. Throws 403 wenn nicht admin. - backend/server/api/admin/verify-admin.get.ts: GET endpoint. Returns { isAdmin: true, userId, email } bei success, 403 sonst, 401 if not auth'd. Tests (5 cases in tests/admin/verify-admin.test.ts): - isAdminUser DB-layer: row exists/null - requireAdmin: admin → user, non-admin → 403, no token → 401 - Endpoint: admin → success, non-admin → 403 Pending User-Actions nach Push+Deploy: 1. Migration deploy auf staging: ssh rebreak-server && cd /srv/rebreak && pnpm exec prisma migrate deploy 2. Seed-Admin eintragen: INSERT INTO "rebreak"."admin_users" ("user_id", "created_at") VALUES ('128df360-2008-4d6f-8aa1-bdb41ec1362f', NOW()) ON CONFLICT DO NOTHING; 3. Admin-App composables/useAdminAuth.ts kann dann verifyAdminRole() gegen GET /api/admin/verify-admin aufrufen Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 22:16:47 +02:00

Author

SHA1

Message

Date

chahinebrini

e12da5385c

feat(admin): Phase 3 — requireAdmin middleware + verify-admin endpoint

Backend-side admin-auth. Admin-App (apps/admin/) braucht das damit
useAdminAuth.verifyAdminRole() nach Login server-side prüfen kann ob User
in admin_users-tabelle steht.

New schema:
- model AdminUser → table rebreak.admin_users (user_id UUID PK FK Profile.id,
  created_at, added_by). Migration 20260508_admin_users/migration.sql.
- ⚠️  SCHEMA-MIGRATION — NICHT autopushen. User entscheidet wann pipeline
  triggert.

New backend code:
- backend/server/db/admin.ts: isAdminUser(userId) → boolean
- backend/server/utils/auth.ts: requireAdmin(event) wraps requireUser +
  isAdminUser-check. Throws 403 wenn nicht admin.
- backend/server/api/admin/verify-admin.get.ts: GET endpoint. Returns
  { isAdmin: true, userId, email } bei success, 403 sonst, 401 if not auth'd.

Tests (5 cases in tests/admin/verify-admin.test.ts):
- isAdminUser DB-layer: row exists/null
- requireAdmin: admin → user, non-admin → 403, no token → 401
- Endpoint: admin → success, non-admin → 403

Pending User-Actions nach Push+Deploy:
1. Migration deploy auf staging:
   ssh rebreak-server && cd /srv/rebreak && pnpm exec prisma migrate deploy
2. Seed-Admin eintragen:
   INSERT INTO "rebreak"."admin_users" ("user_id", "created_at")
   VALUES ('128df360-2008-4d6f-8aa1-bdb41ec1362f', NOW())
   ON CONFLICT DO NOTHING;
3. Admin-App composables/useAdminAuth.ts kann dann verifyAdminRole()
   gegen GET /api/admin/verify-admin aufrufen

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 22:16:47 +02:00

1 Commits