super3 / lowerproptax / 19280136912

11 Nov 2025 10:22PM UTC coverage: 74.556% (-6.7%) from 81.29%

push

github

super3
Add admin role protection to admin API routes

- Create adminAuth middleware to check isAdmin in Clerk publicMetadata
- Apply requireAdmin middleware to all admin routes
- Returns 403 Forbidden if user is not admin

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

36 of 42 branches covered (85.71%)

Branch coverage included in aggregate %.

0 of 13 new or added lines in 2 files covered. (0.0%)

90 of 127 relevant lines covered (70.87%)

6.62 hits per line

Source File

/src/middleware/adminAuth.js (0.0% covered)

import { clerkClient } from '@clerk/clerk-sdk-node';

/**
 * Middleware to check if user has admin role
 * Checks publicMetadata.isAdmin from Clerk
 */
export async function requireAdmin(req, res, next) {
  try {
    // req.auth is assumed to be set by an upstream auth middleware;
    // if it is missing, this access throws and the catch block returns 500.
    const userId = req.auth.userId;

    if (!userId) {
      return res.status(401).json({ error: 'Unauthorized' });
    }

    // Fetch user from Clerk to get metadata
    const user = await clerkClient.users.getUser(userId);

    // Check if user has admin flag in public metadata.
    // Strict comparison against the string 'true': a boolean true or any
    // other value in publicMetadata.isAdmin is rejected with 403.
    if (user.publicMetadata?.isAdmin !== 'true') {
      return res.status(403).json({ error: 'Forbidden: Admin access required' });
    }

    next();
  } catch (error) {
    // Fail closed: any lookup error denies access.
    console.error('Error checking admin status:', error);
    return res.status(500).json({ error: 'Failed to verify admin status' });
  }
}