feat: auth-aware UI and role-based access control (#67)
## Summary - Add `is_admin` column to users table with Alembic migration and a `require_admin` FastAPI dependency that protects all admin-facing write endpoints (games, pokemon, evolutions, bosses, routes CRUD) - Expose admin status to frontend via user API and update AuthContext to fetch/store `isAdmin` after login - Make navigation menu auth-aware (different links for logged-out, logged-in, and admin users) and protect frontend routes with `ProtectedRoute` and `AdminRoute` components, preserving deep-linking through redirects - Fix test reliability: `drop_all` before `create_all` to clear stale PostgreSQL enums from interrupted test runs - Fix test auth: add `admin_client` fixture and use valid UUID for mock user so tests pass with new admin-protected endpoints ## Test plan - [x] All 252 backend tests pass - [ ] Verify non-admin users cannot access admin write endpoints (games, pokemon, evolutions, bosses CRUD) - [ ] Verify admin users can access admin endpoints normally - [ ] Verify navigation shows correct links for logged-out, logged-in, and admin states - [ ] Verify `/admin/*` routes redirect non-admin users with a toast - [ ] Verify `/runs/new` and `/genlockes/new` redirect unauthenticated users to login, then back after auth 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #67 Co-authored-by: Julian Tabel <juliantabel.jt@gmail.com> Co-committed-by: Julian Tabel <juliantabel.jt@gmail.com>
This commit was merged in pull request #67.
This commit is contained in:
@@ -1,11 +1,20 @@
|
||||
import { createContext, useContext, useEffect, useState, useCallback, useMemo } from 'react'
|
||||
import type { User, Session, AuthError } from '@supabase/supabase-js'
|
||||
import { supabase } from '../lib/supabase'
|
||||
import { api } from '../api/client'
|
||||
|
||||
interface UserProfile {
|
||||
id: string
|
||||
email: string
|
||||
displayName: string | null
|
||||
isAdmin: boolean
|
||||
}
|
||||
|
||||
interface AuthState {
|
||||
user: User | null
|
||||
session: Session | null
|
||||
loading: boolean
|
||||
isAdmin: boolean
|
||||
}
|
||||
|
||||
interface AuthContextValue extends AuthState {
|
||||
@@ -18,22 +27,35 @@ interface AuthContextValue extends AuthState {
|
||||
|
||||
const AuthContext = createContext<AuthContextValue | null>(null)
|
||||
|
||||
async function syncUserProfile(session: Session | null): Promise<boolean> {
|
||||
if (!session) return false
|
||||
try {
|
||||
const profile = await api.post<UserProfile>('/users/me', {})
|
||||
return profile.isAdmin
|
||||
} catch {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
export function AuthProvider({ children }: { children: React.ReactNode }) {
|
||||
const [state, setState] = useState<AuthState>({
|
||||
user: null,
|
||||
session: null,
|
||||
loading: true,
|
||||
isAdmin: false,
|
||||
})
|
||||
|
||||
useEffect(() => {
|
||||
supabase.auth.getSession().then(({ data: { session } }) => {
|
||||
setState({ user: session?.user ?? null, session, loading: false })
|
||||
supabase.auth.getSession().then(async ({ data: { session } }) => {
|
||||
const isAdmin = await syncUserProfile(session)
|
||||
setState({ user: session?.user ?? null, session, loading: false, isAdmin })
|
||||
})
|
||||
|
||||
const {
|
||||
data: { subscription },
|
||||
} = supabase.auth.onAuthStateChange((_event, session) => {
|
||||
setState({ user: session?.user ?? null, session, loading: false })
|
||||
} = supabase.auth.onAuthStateChange(async (_event, session) => {
|
||||
const isAdmin = await syncUserProfile(session)
|
||||
setState({ user: session?.user ?? null, session, loading: false, isAdmin })
|
||||
})
|
||||
|
||||
return () => subscription.unsubscribe()
|
||||
|
||||
Reference in New Issue
Block a user