chore: import codes

src/features/admin/middleware/protect.js

@@ -0,0 +1,65 @@
+/**
+ * Admin Route Protection Middleware
+ * Utilities to protect admin routes and require admin role
+ */
+
+import { getSession } from '../../auth/actions/authActions.js';
+import { redirect } from 'next/navigation';
+
+/**
+ * Protect an admin page - requires authentication and admin role
+ * Use this in server components to require admin access
+ * 
+ * @param {Object} options - Protection options
+ * @param {string} options.redirectTo - Where to redirect if not authenticated (default: '/auth/login')
+ * @param {string} options.forbiddenRedirect - Where to redirect if not admin (default: '/')
+ * @returns {Promise<Object>} Session object with user data
+ * 
+ * @example
+ * // In a server component:
+ * import { protectAdmin } from '@hykocx/zen/admin';
+ * 
+ * export default async function AdminPage() {
+ *   const session = await protectAdmin();
+ *   return <div>Welcome Admin, {session.user.name}!</div>;
+ * }
+ */
+async function protectAdmin(options = {}) {
+  const { redirectTo = '/auth/login', forbiddenRedirect = '/' } = options;
+  
+  const session = await getSession();
+  
+  if (!session) {
+    redirect(redirectTo);
+  }
+  
+  if (session.user.role !== 'admin') {
+    redirect(forbiddenRedirect);
+  }
+  
+  return session;
+}
+
+/**
+ * Check if user is admin
+ * Use this when you want to check admin status without forcing a redirect
+ * 
+ * @returns {Promise<boolean>} True if user is admin
+ * 
+ * @example
+ * import { isAdmin } from '@hykocx/zen/admin';
+ * 
+ * export default async function Page() {
+ *   const admin = await isAdmin();
+ *   return admin ? <div>Admin panel</div> : <div>Access denied</div>;
+ * }
+ */
+async function isAdmin() {
+  const session = await getSession();
+  return session && session.user.role === 'admin';
+}
+
+export {
+  protectAdmin,
+  isAdmin
+};