feat: implement Role-Based Access Control (RBAC) middleware for internal Admin dashboards

[knoxiboy]

Pull Request

Description

This PR addresses Issue #1933 by implementing Role-Based Access Control (RBAC) middleware for internal Admin dashboards.

• Updates src/middleware.ts to intercept requests to /admin routes.
• Verifies that an authenticated user possesses the admin role before allowing access, returning a 403 Forbidden response otherwise.

Closes #1933

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[vercel]

@knoxiboy is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds admin-only access control for /admin routes in the Next.js middleware.

Changes:

• Introduced an adminRoutes allowlist and isAdminRoute detection.
• Enforced authentication for admin routes and returned 403 for non-admin users.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Priyanshu-byte-coder]

This PR has merge conflicts with main — src/middleware.ts was recently refactored in #1940. Please rebase:

git fetch origin
git rebase origin/main
# Carefully integrate the RBAC admin route check alongside the existing auth rate limiting logic
git push --force-with-lease