manohar/tia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(admin): use correct column name 'expires' in admin_sessions queries

Browse source 
verifyAdminSession() and requireAdmin() both used expires_at but the
admin_sessions table column is named expires — causing every session
check to silently fail and always redirect to /admin-login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-05-17 12:22:17 +05:30
parent fc0e75b5ad
commit 85d313bc86
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/lib/admin-auth.ts
View file

@ -15,9 +15,9 @@ export async function verifyAdminSession(): Promise<{
if (!sessionToken) return { success: false }; if (!sessionToken) return { success: false };
const sessions = await sql.unsafe( const sessions = await sql.unsafe(
`SELECT username, role FROM admin_sessions `SELECT admins.username, admins.role FROM admin_sessions
JOIN admins ON admins.id = admin_sessions.admin_id JOIN admins ON admins.id = admin_sessions.admin_id
WHERE session_token = $1 AND expires_at > NOW() WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()
LIMIT 1`, LIMIT 1`,
[sessionToken] [sessionToken]
); );
@ -47,8 +47,9 @@ export async function requireAdmin(request: Request): Promise<{
try { try {
const sessions = await sql.unsafe( const sessions = await sql.unsafe(
`SELECT id, username, role, expires_at FROM admin_sessions `SELECT admin_sessions.id, admins.username, admins.role FROM admin_sessions
WHERE session_token = $1 AND expires_at > NOW()`, JOIN admins ON admins.id = admin_sessions.admin_id
WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()`,
[sessionToken] [sessionToken]
); );