From c8bae6ab79a32da0fe745ebb9401e14f86c1f0d8 Mon Sep 17 00:00:00 2001
From: Pinapelz <yukais@pinapelz.com>
Date: Wed, 3 Sep 2025 21:16:16 -0700
Subject: add admin role to user, return result in /me route

---
 backend/schema.prisma      |  1 +
 backend/src/routes/auth.ts |  1 +
 backend/src/routes/user.ts | 13 ++++++++++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/backend/schema.prisma b/backend/schema.prisma
index f51093b..3dda29d 100644
--- a/backend/schema.prisma
+++ b/backend/schema.prisma
@@ -15,6 +15,7 @@ model User {
   email    String    @unique
   sessions Session[]
   scores Score[]
+  isAdmin Boolean
 }
 
 model Session {
diff --git a/backend/src/routes/auth.ts b/backend/src/routes/auth.ts
index 4c6c374..f857dea 100644
--- a/backend/src/routes/auth.ts
+++ b/backend/src/routes/auth.ts
@@ -34,6 +34,7 @@ export const handleRegistration = async (req: express.Request, res: express.Resp
         password: hashedPassword,
         salt,
         email,
+        isAdmin: false
       }
     });
 
diff --git a/backend/src/routes/user.ts b/backend/src/routes/user.ts
index a03ece0..7db25db 100644
--- a/backend/src/routes/user.ts
+++ b/backend/src/routes/user.ts
@@ -4,8 +4,15 @@ import { prisma } from '../config/db';
 
 export const handleMeRoute = async (req: express.Request, res: express.Response) => {
   try {
-    const user = (req as any).user;
-    res.json(user);
+    if (!req.session.userId) {
+      return res.status(403).json({ error: 'Not Authenticated' });
+    }
+    const user = await prisma.user.findUniqueOrThrow({
+      where: { id: req.session.userId },
+      select: { id: true, username: true, isAdmin: true }
+    });
+    const isAdmin = user.id === 1 || user.isAdmin;
+    res.json({user, isAdmin});
   } catch (error) {
     console.error('Me endpoint error:', error);
     res.status(500).json({ error: 'Internal server error' });
@@ -20,7 +27,7 @@ export const handleGetCurrentSession =  async (req: express.Request, res: expres
 
     const user = await prisma.user.findUnique({
       where: { id: req.session.userId },
-      select: { id: true, username: true, email: true }
+      select: { id: true, username: true, isAdmin: true }
     });
 
     if (!user) {
-- 
cgit v1.2.3