From d6ce178b4061050cfbfae25548fdd469392299e2 Mon Sep 17 00:00:00 2001
From: rob <rob@digitaltelepresence.com>
Date: Sun, 21 Apr 2024 19:39:12 -0400
Subject: [PATCH] require admin privs on all admin routes

---
 app/controllers/admin.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/admin.js b/app/controllers/admin.js
index c50d7d2..95b2ba7 100644
--- a/app/controllers/admin.js
+++ b/app/controllers/admin.js
@@ -29,9 +29,14 @@ export default class AdminController extends SiteController {
   }
 
   async start ( ) {
+    const { session: sessionService } = this.dtp.services;
+
     const router = express.Router();
     this.dtp.app.use('/admin', router);
 
+    const authRequired = sessionService.authCheckMiddleware({ requireLogin: true, requireAdmin: true });
+    router.use(authRequired);
+
     router.use('/user', await this.loadChild(path.join(__dirname, 'admin', 'user.js')));
 
     router.get(