fix(admin): use correct column name 'expires' in admin_sessions queries

verifyAdminSession() and requireAdmin() both used expires_at but the
admin_sessions table column is named expires — causing every session
check to silently fail and always redirect to /admin-login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/lib/admin-auth.ts

@@ -15,9 +15,9 @@ export async function verifyAdminSession(): Promise<{
     if (!sessionToken) return { success: false };
 
     const sessions = await sql.unsafe(
-      `SELECT username, role FROM admin_sessions
+      `SELECT admins.username, admins.role FROM admin_sessions
        JOIN admins ON admins.id = admin_sessions.admin_id
-       WHERE session_token = $1 AND expires_at > NOW()
+       WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()
        LIMIT 1`,
       [sessionToken]
     );
@@ -47,8 +47,9 @@ export async function requireAdmin(request: Request): Promise<{
 
   try {
     const sessions = await sql.unsafe(
-      `SELECT id, username, role, expires_at FROM admin_sessions
-       WHERE session_token = $1 AND expires_at > NOW()`,
+      `SELECT admin_sessions.id, admins.username, admins.role FROM admin_sessions
+       JOIN admins ON admins.id = admin_sessions.admin_id
+       WHERE admin_sessions.session_token = $1 AND admin_sessions.expires > NOW()`,
       [sessionToken]
     );