admin soft delete functionality, also fixed google sign in when user doesn't have first and last name

2025-11-17 11:21:52 -05:00
parent 3a6da3d47d
commit e260992ef2
13 changed files with 580 additions and 33 deletions
--- a/backend/middleware/auth.js
+++ b/backend/middleware/auth.js
@@ -127,4 +127,23 @@ const requireVerifiedEmail = (req, res, next) => {
  next();
 };

-module.exports = { authenticateToken, optionalAuth, requireVerifiedEmail };
+// Require admin role middleware - must be used after authenticateToken
+const requireAdmin = (req, res, next) => {
+  if (!req.user) {
+    return res.status(401).json({
+      error: "Authentication required",
+      code: "NO_AUTH",
+    });
+  }
+
+  if (req.user.role !== "admin") {
+    return res.status(403).json({
+      error: "Admin access required",
+      code: "INSUFFICIENT_PERMISSIONS",
+    });
+  }
+
+  next();
+};
+
+module.exports = { authenticateToken, optionalAuth, requireVerifiedEmail, requireAdmin };