web/lib/admin-guard.ts

import { createClient } from "@/lib/supabase/server";
import { redirect } from "next/navigation";

const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];

export async function requireAdmin() {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();

  if (!user) redirect("/auth/login");

  // Check email first (fast)
  if (!ADMIN_EMAILS.includes(user.email || "")) {
    redirect("/dashboard-pages/dashboard");
  }

  // Double check role in DB
  const { data: profile } = await supabase
    .from("profiles")
    .select("role")
    .eq("id", user.id)
    .single();

  if (profile?.role !== "admin") {
    redirect("/dashboard-pages/dashboard");
  }

  return { user, supabase };
}