authornsfisis <nsfisis@gmail.com>2024-08-04 20:33:37 +0900
committernsfisis <nsfisis@gmail.com>2024-08-04 20:33:37 +0900
commit0f0324b396f3eab53606c8f770d26337dd0e291a (patch)
tree0a2afd4701535b11c81fb3908d8c241eaaeb7d21 /backend
parentd87507918f33b289ac4fc4dece8a54fa3aa34923 (diff)
feat: authenticate users in admin pages
Diffstat (limited to 'backend')
-rw-r--r--backend/admin/handlers.go21
-rw-r--r--backend/main.go8
2 files changed, 26 insertions, 3 deletions
diff --git a/backend/admin/handlers.go b/backend/admin/handlers.go
index f81856c..14523e6 100644
--- a/backend/admin/handlers.go
+++ b/backend/admin/handlers.go
@@ -10,6 +10,7 @@ import (
"github.com/jackc/pgx/v5/pgtype"
"github.com/labstack/echo/v4"
+ "github.com/nsfisis/iosdc-japan-2024-albatross/backend/auth"
"github.com/nsfisis/iosdc-japan-2024-albatross/backend/db"
)
@@ -31,8 +32,28 @@ func NewAdminHandler(q *db.Queries, hubs GameHubsInterface) *AdminHandler {
}
}
+func newAdminMiddleware() echo.MiddlewareFunc {
+ return func(next echo.HandlerFunc) echo.HandlerFunc {
+ return func(c echo.Context) error {
+ jwt, err := c.Cookie("albatross_token")
+ if err != nil {
+ return c.Redirect(http.StatusSeeOther, "/login")
+ }
+ claims, err := auth.ParseJWT(jwt.Value)
+ if err != nil {
+ return c.Redirect(http.StatusSeeOther, "/login")
+ }
+ if !claims.IsAdmin {
+ return echo.NewHTTPError(http.StatusForbidden)
+ }
+ return next(c)
+ }
+ }
+}
+
func (h *AdminHandler) RegisterHandlers(g *echo.Group) {
g.Use(newAssetsMiddleware())
+ g.Use(newAdminMiddleware())
g.GET("/dashboard", h.getDashboard)
g.GET("/users", h.getUsers)
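Review bot: The `if !claims.IsAdmin` check in `newAdminMiddleware` authorizes purely on a claim fixed when the token was issued, so an account whose admin flag is later cleared keeps access to `/admin` until that token expires; the middleware takes no `db.Queries` with which to re-check. Whether `auth.ParseJWT` pins the signing algorithm and enforces expiry is not visible in this hunk and is worth confirming, since this is now the only gate on the admin group. Both failure branches reject silently; logging the rejection (without the token value) before the redirect and before the 403 would give something to alert on, e.g. `c.Logger().Warnf("admin auth rejected: %v", err)`. `g.Use(newAssetsMiddleware())` also stays ahead of the new middleware, so anything it serves is presumably still reachable unauthenticated, which is fine for static assets but deserves a comment saying so. `RegisterHandlers` continues past the end of the hunk.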
diff --git a/backend/main.go b/backend/main.go
index 2d38ee5..e2e4bbd 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -83,9 +83,11 @@ func main() {
adminGroup := e.Group("/admin")
adminHandler.RegisterHandlers(adminGroup)
- // For local dev:
- // This is never used in production because the reverse proxy sends /logout
- // to the app server.
+ // For local dev: This is never used in production because the reverse
+ // proxy sends /login and /logout to the app server.
+ e.GET("/login", func(c echo.Context) error {
+ return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/login")
+ })
e.POST("/logout", func(c echo.Context) error {
return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/logout")
})
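Review bot: The new `/login` route is registered unconditionally and answers with `http.StatusPermanentRedirect` to a hard-coded `http://localhost:5173/login`, so the only thing keeping production users off it is the reverse-proxy rule the comment mentions. A 308 on a GET may be cached by the browser, so a single proxy misroute could leave a client pinned to localhost for the login page that the admin middleware's redirect to `/login` now depends on. Consider registering both dev routes only when a development setting is enabled, and using a non-cacheable status for the GET: `return c.Redirect(http.StatusTemporaryRedirect, "http://localhost:5173/login")`. `main` starts and continues outside the hunk.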