Nexus_Mat/lib/middleware/adminMiddleware.ts

import { NextApiResponse } from 'next';
import { AuthenticatedRequest, requireAuth } from './authMiddleware';
import { UserRole } from '../../types';

/**
 * Middleware to require admin authentication
 * Returns 403 if user is not an admin
 */
export async function requireAdmin(
    req: AuthenticatedRequest,
    res: NextApiResponse
): Promise<boolean> {
    // First check if user is authenticated
    const isAuthenticated = await requireAuth(req, res);
    if (!isAuthenticated) {
        return false;
    }

    // Check if user has admin role
    if (req.user?.role !== UserRole.ADMIN) {
        res.status(403).json({ success: false, error: 'Admin access required' });
        return false;
    }

    return true;
}