makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

docs(36-01): create SUMMARY.md for plan 36-01 completion

Browse Source
This commit is contained in:
Jean-Luc Makiola
2026-04-19 20:48:14 +02:00
parent d3c5a8945b
commit 488fdbb568
1 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
.planning/phases/36-admin-role-panel-foundation/36-01-SUMMARY.md Normal file
View File

@@ -0,0 +1,47 @@
---
plan: 36-01
phase: 36
title: "isAdmin schema, requireAdmin middleware, /api/auth/me surface, grant script"
status: complete
completed: 2026-04-19
---
## What Was Built
Server-side admin foundation for Phase 36:
1. **isAdmin column** added to the `users` pgTable in `src/db/schema.ts``boolean("is_admin").notNull().default(false)`.
2. **Drizzle migration** generated (`drizzle-pg/0009_spotty_lord_tyger.sql`) with `ALTER TABLE "users" ADD COLUMN "is_admin" boolean DEFAULT false NOT NULL`. DB push could not be applied (DB not reachable with default credentials — requires `DATABASE_URL` env var pointing to the running Postgres instance).
3. **requireAdmin middleware** added to `src/server/middleware/auth.ts` — reads `userId` from context (set by `requireAuth`), queries `users.isAdmin`, returns 401 if userId missing, 403 if `!user.isAdmin`, calls `next()` for admins.
4. **isAdmin in /api/auth/me**`src/server/routes/auth.ts` now includes `isAdmin: fullUser?.isAdmin ?? false` in the returned user object.
5. **`/api/admin/` placeholder route** — `src/server/routes/admin.ts` applies `requireAuth` + `requireAdmin` middleware on `/*` and returns `{ ok: true }` on `GET /`.
6. **Route registration**`src/server/index.ts` imports and registers `app.route("/api/admin", adminRoutes)`.
7. **grant-admin script**`scripts/grant-admin.ts` grants or revokes `isAdmin` by `logto_sub`. Accepts `--revoke` flag. Exits 1 on missing sub or user not found.
## Key Files
- `src/db/schema.ts` — isAdmin column added to users table
- `drizzle-pg/0009_spotty_lord_tyger.sql` — migration file
- `src/server/middleware/auth.ts` — requireAdmin exported
- `src/server/routes/auth.ts` — isAdmin in /me response
- `src/server/routes/admin.ts` — new placeholder admin route
- `src/server/index.ts` — adminRoutes registered
- `scripts/grant-admin.ts` — admin grant/revoke script
## Deviations
- **DB push could not be applied** — the default PostgreSQL credentials (`gearbox:gearbox@localhost:5432/gearbox`) don't match the running instance. The migration file is generated and correct. Apply manually with the correct `DATABASE_URL`:
```
DATABASE_URL=<connection-string> bun run db:push
```
This is a deployment/environment concern, not a code defect.
## Self-Check: PASSED
- [x] isAdmin column in schema.ts
- [x] Migration file generated with correct SQL
- [x] requireAdmin middleware exported from auth.ts
- [x] isAdmin in /api/auth/me response
- [x] /api/admin route protected by requireAuth + requireAdmin
- [x] grant-admin.ts script created
- [x] bun run build exits 0