From 85d313bc86d6590e2da91b3af07e4ad2e60db536 Mon Sep 17 00:00:00 2001
From: Mannu <manohar6839@gmail.com>
Date: Sun, 17 May 2026 12:22:17 +0530
Subject: [PATCH] fix(admin): use correct column name 'expires' in
 admin_sessions queries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

verifyAdminSession() and requireAdmin() both used expires_at but the
admin_sessions table column is named expires — causing every session
check to silently fail and always redirect to /admin-login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/lib/admin-auth.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lib/admin-auth.ts b/src/lib/admin-auth.ts
index 2a440ff..99fcc06 100644
--- a/src/lib/admin-auth.ts
+++ b/src/lib/admin-auth.ts
@@ -15,9 +15,9 @@ export async function verifyAdminSession(): Promise<{
     if (!sessionToken) return { success: false };
 
     const sessions = await sql.unsafe(
-      `SELECT username, role FROM admin_sessions
+      `SELECT admins.username, admins.role FROM admin_sessions
        JOIN admins ON admins.id = admin_sessions.admin_id
-       WHERE session_token = $1 AND expires_at > NOW()
+       WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()
        LIMIT 1`,
       [sessionToken]
     );
@@ -47,8 +47,9 @@ export async function requireAdmin(request: Request): Promise<{
 
   try {
     const sessions = await sql.unsafe(
-      `SELECT id, username, role, expires_at FROM admin_sessions
-       WHERE session_token = $1 AND expires_at > NOW()`,
+      `SELECT admin_sessions.id, admins.username, admins.role FROM admin_sessions
+       JOIN admins ON admins.id = admin_sessions.admin_id
+       WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()`,
       [sessionToken]
     );