feat: auth

2026-02-04 08:04:46 -08:00
parent 8f3aeb9391
commit e167a17bd9
12 changed files with 673 additions and 9 deletions
@@ -0,0 +1,21 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { FastifyReply, FastifyRequest } from "fastify";
+
+/**
+ * Middleware to check if the authenticated user is an admin.
+ * Must be used after app.authenticate.
+ */
+export async function adminGuard(
+  request: FastifyRequest,
+  reply: FastifyReply
+): Promise<void> {
+  const user = request.user as any;
+  if (!user || !user.isAdmin) {
+    return reply.code(403).send({ error: "Forbidden: Admin access required" });
+  }
+}