feat: session-based auth, admin roles, user management

- All logged-in users can create/edit/manage tasks (no bearer token needed)
- Added user role system (user/admin)
- Donovan's account auto-promoted to admin on startup
- Admin page: view users, change roles, delete users
- /api/me endpoint returns current user info + role
- /api/admin/* routes (admin-only)
- Removed bearer token UI from frontend
- Bearer token still works for API/bot access
2026-01-29 01:33:18 +00:00
parent 210fba6027
commit 93746f0f71
8 changed files with 401 additions and 111 deletions


@@ -68,6 +68,19 @@ async function requireSessionOrBearer(request: Request, headers: Record<string,
throw new Error("Unauthorized");
}
async function requireAdmin(request: Request, headers: Record<string, string | undefined>) {
// Bearer token = admin access
const authHeader = headers["authorization"];
if (authHeader === `Bearer ${BEARER_TOKEN}`) return;
// Check session + role
try {
const session = await auth.api.getSession({ headers: request.headers });
if (session?.user && (session.user as any).role === "admin") return;
} catch {}
throw new Error("Unauthorized");
}
// Resolve a task by UUID or sequential number (e.g. "5" or "HQ-5")
async function resolveTask(idOrNumber: string) {
// Strip "HQ-" prefix if present