AdminCoursePage added..... admin routes protection added

server/server.js

@@ -19,6 +19,7 @@ const optionsRoutes = require("./routes/optionsRoutes");
 const consolidatedRoutes = require("./routes/consolidatedRoutes");
 const emailRoutes = require("./routes/emailRoutes");
 const Course = require("./models/Course");
+const User = require("./models/User");
 
 // MongoDB Connection
 mongoose
@@ -195,6 +196,7 @@ app.get("/api/auth-check", (req, res) => {
   const token = req.cookies.token; // Retrieve the httpOnly cookie
 
   if (!token) {
+    console.log("Tehehe");
     return res.status(401).json({ message: "Unauthorized" });
   }
 
@@ -206,6 +208,30 @@ app.get("/api/auth-check", (req, res) => {
   }
 });
 
+app.get("/api/me", async (req, res) => {
+  try {
+    const token = req.cookies.token; // ✅ Get token from request cookies
+    if (!token) return res.status(401).json({ message: "Unauthorized - No Token" });
+
+    const decoded = jwt.verify(token, process.env.JWT_SECRET); // ✅ Verify token
+
+    // ✅ Fetch user from DB to ensure latest `isAdmin` value
+    const user = await User.findById(decoded.userId);
+    if (!user) return res.status(404).json({ message: "User not found" });
+
+    res.json({
+      userId: user._id,
+      isAdmin: user.isAdmin, // ✅ Return actual `isAdmin` value
+      exp: decoded.exp,
+      iat: decoded.iat
+    });
+
+  } catch (error) {
+    console.error("JWT Verification Error:", error.message);
+    res.status(401).json({ message: "Invalid token" });
+  }
+});
+
 
 // User Profile Route
 app.get("/api/user/profile", async (req, res) => {