From 4e12e02bc805170e6b03d33e0ef894b2a3021fb3 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Sun, 1 Jun 2025 11:13:55 +0200
Subject: Add alarm endpoints, basic budget routes, spend history

---
 src/api/middlewares/authMiddleware.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/api/middlewares/authMiddleware.js')

diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js
index 1187112..8553517 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -1,5 +1,5 @@
 import { validateJwtToken } from '#util/jwtUtils.js';
-import { DbUser } from '#db/schemas/index.js';
+import { DbUser, UserType } from '#db/schemas/index.js';
 
 /**
  * @param options {AuthValidationOptions}
@@ -15,6 +15,12 @@ export function validateAuth(options) {
 
         const user = (req.user = await DbUser.findById(auth.id).exec());
 
+        // admin can do everything
+        if (user.type == UserType.ADMIN) {
+            next();
+            return;
+        }
+
         if (options.roles && !options.roles.includes(user.type)) {
             res.status(401).send('Unauthorized');
             return;
-- 
cgit 1.5.1