ADD: added admin panel and archiv mandates

app/session.server.ts

@@ -1,6 +1,7 @@
 import { createCookieSessionStorage, redirect } from "react-router";
 import bcrypt from "bcryptjs";
 import prisma from "@/lib/prisma";
+import { log } from "@/lib/logger";
 
 const sessionStorage = createCookieSessionStorage({
   cookie: {
@@ -14,22 +15,43 @@ const sessionStorage = createCookieSessionStorage({
   },
 });
 
-export async function login(email: string, password: string) {
-  const user = await prisma.user.findUnique({ where: { email } });
-  if (!user) return null;
+export async function login(
+  identifier: string,
+  password: string,
+  request?: Request
+) {
+  // Allow login via email or username
+  const user = await prisma.user.findFirst({
+    where: {
+      OR: [{ email: identifier }, { username: identifier }],
+    },
+  });
+
+  if (!user) {
+    await log({ action: "LOGIN_FAILED", metadata: { identifier }, request });
+    return null;
+  }
+
   const valid = await bcrypt.compare(password, user.passwordHash);
-  if (!valid) return null;
-  return { id: user.id, email: user.email, name: user.name };
+  if (!valid) {
+    await log({ action: "LOGIN_FAILED", metadata: { identifier }, request });
+    return null;
+  }
+
+  await log({ userId: user.id, action: "LOGIN", entity: "User", entityId: user.id, request });
+  return { id: user.id, email: user.email, name: user.name, role: user.role };
 }
 
 export async function createUserSession(
   userId: string,
   userName: string,
+  userRole: string,
   redirectTo: string
 ) {
   const session = await sessionStorage.getSession();
   session.set("userId", userId);
   session.set("userName", userName);
+  session.set("userRole", userRole);
   return redirect(redirectTo, {
     headers: { "Set-Cookie": await sessionStorage.commitSession(session) },
   });
@@ -42,24 +64,33 @@ export async function getUserSession(request: Request) {
   return {
     userId: session.get("userId") as string | undefined,
     userName: session.get("userName") as string | undefined,
+    userRole: session.get("userRole") as string | undefined,
   };
 }
 
 export async function requireUser(request: Request) {
-  const { userId, userName } = await getUserSession(request);
+  const { userId, userName, userRole } = await getUserSession(request);
   if (!userId) throw redirect("/login");
-  return { id: userId, name: userName as string | undefined };
+  return { id: userId, name: userName as string | undefined, role: userRole as string | undefined };
+}
+
+export async function requireAdmin(request: Request) {
+  const user = await requireUser(request);
+  if (user.role !== "ADMIN") throw redirect("/");
+  return user;
 }
 
 export async function getApiUser(request: Request) {
-  const { userId } = await getUserSession(request);
-  return userId ? { id: userId } : null;
+  const { userId, userRole } = await getUserSession(request);
+  return userId ? { id: userId, role: userRole } : null;
 }
 
 export async function logout(request: Request) {
   const session = await sessionStorage.getSession(
     request.headers.get("Cookie")
   );
+  const userId = session.get("userId") as string | undefined;
+  await log({ userId, action: "LOGOUT", entity: "User", entityId: userId, request });
   return redirect("/login", {
     headers: { "Set-Cookie": await sessionStorage.destroySession(session) },
   });