enforce admin role by reading user role instead of hardcoding

app/(dashboard)/access-lists/page.tsx

@@ -1,7 +1,9 @@
 import AccessListsClient from "./AccessListsClient";
 import { listAccessLists } from "@/src/lib/models/access-lists";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function AccessListsPage() {
+  await requireAdmin();
   const lists = await listAccessLists();
   return <AccessListsClient lists={lists} />;
 }

app/(dashboard)/audit-log/page.tsx

@@ -1,8 +1,10 @@
 import AuditLogClient from "./AuditLogClient";
 import { listAuditEvents } from "@/src/lib/models/audit";
 import { listUsers } from "@/src/lib/models/user";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function AuditLogPage() {
+  await requireAdmin();
   const events = await listAuditEvents(200);
   const users = await listUsers();
   const userMap = new Map(users.map((user) => [user.id, user]));

app/(dashboard)/certificates/page.tsx

@@ -1,7 +1,9 @@
 import CertificatesClient from "./CertificatesClient";
 import { listCertificates } from "@/src/lib/models/certificates";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function CertificatesPage() {
+  await requireAdmin();
   const certificates = await listCertificates();
   return <CertificatesClient certificates={certificates} />;
 }

app/(dashboard)/dead-hosts/page.tsx

@@ -1,7 +1,9 @@
 import DeadHostsClient from "./DeadHostsClient";
 import { listDeadHosts } from "@/src/lib/models/dead-hosts";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function DeadHostsPage() {
+  await requireAdmin();
   const hosts = await listDeadHosts();
   return <DeadHostsClient hosts={hosts} />;
 }

app/(dashboard)/layout.tsx

@@ -1,8 +1,8 @@
 import type { ReactNode } from "react";
-import { requireUser } from "@/src/lib/auth";
+import { requireAdmin } from "@/src/lib/auth";
 import DashboardLayoutClient from "./DashboardLayoutClient";
 
 export default async function DashboardLayout({ children }: { children: ReactNode }) {
-  const session = await requireUser();
+  const session = await requireAdmin();
   return <DashboardLayoutClient user={session.user}>{children}</DashboardLayoutClient>;
 }

app/(dashboard)/page.tsx

@@ -1,5 +1,5 @@
 import db, { toIso } from "@/src/lib/db";
-import { requireUser } from "@/src/lib/auth";
+import { requireAdmin } from "@/src/lib/auth";
 import OverviewClient from "./OverviewClient";
 import {
   accessLists,
@@ -43,7 +43,7 @@ async function loadStats(): Promise<StatCard[]> {
 }
 
 export default async function OverviewPage() {
-  const session = await requireUser();
+  const session = await requireAdmin();
   const stats = await loadStats();
   const recentEvents = await db
     .select({

app/(dashboard)/proxy-hosts/page.tsx

@@ -3,8 +3,10 @@ import { listProxyHosts } from "@/src/lib/models/proxy-hosts";
 import { listCertificates } from "@/src/lib/models/certificates";
 import { listAccessLists } from "@/src/lib/models/access-lists";
 import { getAuthentikSettings } from "@/src/lib/settings";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function ProxyHostsPage() {
+  await requireAdmin();
   const [hosts, certificates, accessLists, authentikDefaults] = await Promise.all([
     listProxyHosts(),
     listCertificates(),

app/(dashboard)/redirects/page.tsx

@@ -1,7 +1,9 @@
 import RedirectsClient from "./RedirectsClient";
 import { listRedirectHosts } from "@/src/lib/models/redirect-hosts";
+import { requireAdmin } from "@/src/lib/auth";
 
 export default async function RedirectsPage() {
+  await requireAdmin();
   const redirects = await listRedirectHosts();
   return <RedirectsClient redirects={redirects} />;
 }