const User = require("../models/User");

module.exports = async function (req, res, next) {
  try {
    const user = await User.findById(req.user.id);
    
    if (!user || !user.isAdmin) {
      return res.status(403).json({ 
        success: false, 
        msg: "Access denied. Admin privileges required." 
      });
    }
    
    next();
  } catch (err) {
    console.error("Admin auth error:", err.message);
    return res.status(500).json({ success: false, msg: "Server error" });
  }
};