Files

ci/woodpecker/push/ci Pipeline failed

Details

fix(web): admin page role check — stop false redirect to /chat (#203 )

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

2026-03-17 02:38:25 +00:00

1.4 KiB

Raw Permalink Blame History

BUG-196: Admin Page Redirect Issue

Problem

Admin page redirects to /chat for users with admin role because role check fails.

Root Cause

The role field is defined as an additionalField in better-auth's user configuration, but better-auth v1.5.5 does not automatically include additionalFields in the session response from the getSession() API. This causes the admin role check to fail:

Frontend: AdminRoleGuard checks user?.role !== 'admin'
Backend: AdminGuard checks user.role !== 'admin'
When role is undefined, both checks treat the user as non-admin and deny access

Solution

Implemented a defensive check in the backend AdminGuard that:

First tries to use the role field from the session (if better-auth includes it)
Falls back to fetching the role directly from the database if it's missing
Defaults to 'member' if the user has no role set

This ensures that admin users can always access the admin panel, and also protects against the case where better-auth doesn't include the additionalField in future versions.

Files Changed

/apps/gateway/src/admin/admin.guard.ts - Added fallback role lookup
/packages/auth/src/auth.ts - No changes needed (better-auth config is correct)

Verification

All three quality gates pass: typecheck, lint, format:check
Backend admin guard now explicitly handles missing role field
Frontend admin guard remains unchanged (will work once role is available)

1.4 KiB Raw Permalink Blame History