Fix admin route access and backend configuration

- Added /admin redirect to login page in nginx config
- Fixed backend server.js route ordering for proper admin handling
- Updated authentication middleware and routes
- Added user management routes
- Configured PostgreSQL integration
- Updated environment configuration

backend/middleware/auth.js

@@ -1,28 +1,34 @@
 const requireAuth = (req, res, next) => {
-  if (req.session && req.session.adminId) {
+  if (req.session && req.session.user && req.session.user.id) {
     return next();
   }
-  res.redirect('/admin/login');
+  res.status(401).json({ success: false, message: "Authentication required" });
 };
 
 const requireRole = (allowedRoles) => {
+  // Allow single role or array of roles
+  const roles = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];
+
   return (req, res, next) => {
-    if (!req.session || !req.session.adminId) {
-      return res.redirect('/admin/login');
+    if (!req.session || !req.session.user || !req.session.user.id) {
+      return res
+        .status(401)
+        .json({ success: false, message: "Authentication required" });
     }
-    const userRole = req.session.role || 'user';
-    if (allowedRoles.includes(userRole)) {
+
+    const userRole = req.session.user.role_id || "role-admin";
+
+    if (roles.includes(userRole)) {
       return next();
     }
-    res.status(403).send('Access denied');
+
+    res.status(403).json({
+      success: false,
+      message: "Access denied. Insufficient permissions.",
+      required_role: roles,
+      your_role: userRole,
+    });
   };
 };
 
-const redirectIfAuth = (req, res, next) => {
-  if (req.session && req.session.adminId) {
-    return res.redirect('/admin/dashboard');
-  }
-  next();
-};
-
-module.exports = { requireAuth, requireRole, redirectIfAuth };
+module.exports = { requireAuth, requireRole };