2 files changed, 19 insertions, 0 deletions

diff --git a/api/routes.go b/api/routes.go
index 404f821..3adbfe9 100644
--- a/api/routes.go
+++ b/api/routes.go
@@ -55,6 +55,11 @@ var Groups = []Group{
                         {"GET", []gin.HandlerFunc{UserAccount}, "/account"},
                 },
         },
+        {
+                "/admin",
+                []Middleware{JwtAuth, UserConfirmed, UserIsAdmin, OtpAuth},
+                []Route{},
+        },
 }
 
 func Signup(c *gin.Context) {
diff --git a/api/user.go b/api/user.go
index a2737fd..bc24bbb 100644
--- a/api/user.go
+++ b/api/user.go
@@ -30,6 +30,20 @@ func UserConfirmed(c *gin.Context) *Error {
         return nil
 }
 
+func UserIsAdmin(c *gin.Context) *Error {
+        user, exists := c.Get("user")
+
+        if !exists {
+                return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")}
+        }
+
+        if user.(db.User).Role != db.RoleAdmin {
+                return &Error{NotAuthorized, "not authorized", fmt.Errorf("user '%v' is not admin", user)}
+        }
+
+        return nil
+}
+
 func GetUser(c *gin.Context) db.User {
         user, _ := c.Get("user")