Add API utility for requiring an admin session

server/api/admin/delete-database.post.ts

@@ -1,13 +1,6 @@
 import { deleteDatabase } from "~/server/database";
 
 export default defineEventHandler(async (event) => {
-	const session = await requireServerSession(event);
+	await requireServerSessionWithAdmin(event);
-	if (session.account.type !== "admin") {
-		throw createError({
-			statusCode: 403,
-			statusMessage: "Forbidden",
-		});
-	}
-
 	await deleteDatabase();
 })

server/api/admin/user.patch.ts

@@ -4,13 +4,7 @@ import { z } from "zod/v4-mini";
 import { broadcastEvent } from "~/server/streams";
 
 export default defineEventHandler(async (event) => {
-	const session = await requireServerSession(event);
+	await requireServerSessionWithAdmin(event);
-	if (session.account.type !== "admin") {
-		throw createError({
-			statusCode: 403,
-			statusMessage: "Forbidden",
-		});
-	}
 	const { success, error, data: patch } = apiUserPatchSchema.safeParse(await readBody(event));
 	if (!success) {
 		throw createError({

server/utils/session.ts

@@ -70,3 +70,14 @@ export async function requireServerSession(event: H3Event) {
 		});
 	return session;
 }
+
+export async function requireServerSessionWithAdmin(event: H3Event) {
+	const session = await requireServerSession(event);
+	if (session.account.type !== "admin") {
+		throw createError({
+			statusCode: 403,
+			statusMessage: "Forbidden",
+		});
+	}
+	return session;
+}