fix: secure admin pages with server-side authentication and role-based access

[jeromehardaway]

BREAKING CHANGES:

• Admin pages now require server-side authentication
• Hardcoded admin email replaced with database role checks
• All admin access now requires ADMIN role from database

Security Improvements:

• Convert all admin pages from getStaticProps to getServerSideProps
• Add server-side authentication checks before rendering admin pages
• Block unauthorized access at server level (not client-side)
• Replace hardcoded 'jeromehardaway' email with role-based checks

Pages Updated:

• admin/users.tsx: Fetch real user data from database, added role badges
• admin/courses.tsx: Fetch real course data with enrollment counts
• admin/index.tsx: Display real dashboard statistics, remove dev-session
• admin/blog-images.tsx: Add server-side auth protection
• courses/index.tsx: Use role check for admin dashboard link

Database Integration:

• admin/users: Query users with enrollment counts
• admin/courses: Query courses with module/enrollment counts
• admin/index: Aggregate platform statistics from database

This fixes critical security vulnerability where admin pages were:

1. Publicly accessible as static pages
2. Using client-side auth checks (bypassable)
3. Displaying mock data instead of real database data
4. Hardcoding admin access to single GitHub user

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
vets-who-code-app	Ready	Preview, Comment	Dec 31, 2025 6:06am

[Copilot]

Pull request overview

This PR implements critical security improvements by replacing hardcoded admin authentication with role-based access control and converting client-side admin pages to server-side rendering with proper authentication checks.

Key Changes:

• Replaced hardcoded email check with database role-based authentication system
• Converted all admin pages from getStaticProps to getServerSideProps for server-side protection
• Integrated real database queries to replace mock data across admin pages

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/pages/courses/index.tsx	Updated admin access check from hardcoded email to role-based verification
src/pages/admin/users.tsx	Converted to server-side rendering with database integration for user management
src/pages/admin/index.tsx	Replaced mock statistics with real database aggregations and removed dev-session logic
src/pages/admin/courses.tsx	Implemented server-side authentication and real course data from database
src/pages/admin/blog-images.tsx	Added server-side authentication protection to replace client-side checks

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The completion rate calculation is defined in the component body and will be recalculated on every render. Consider moving this calculation to the server-side in getServerSideProps where the stats are already being computed, or memoize it with useMemo if it needs to be client-side.

[github-actions]

🔍 Code Quality Score Breakdown:

• 📖 Readability: 2/10
• 📈 Scalability: 5/10
• 🚀 Performance: 5/10
• 🛠️ Maintainability: 8/10
• ✅ Overall Score: 5.0/10

💡 Recommendations:

• 🧹 Reduce ESLint warnings to improve readability.
• 📦 Break up complex functions or components.
• ⚙️ Consider splitting large files or lazy-loading.
• 🔁 Refactor to increase your overall score next cycle.

[github-actions]

🔍 Code Quality Score Breakdown:

• 📖 Readability: 2/10
• 📈 Scalability: 5/10
• 🚀 Performance: 5/10
• 🛠️ Maintainability: 8/10
• ✅ Overall Score: 5.0/10

💡 Recommendations:

• 🧹 Reduce ESLint warnings to improve readability.
• 📦 Break up complex functions or components.
• ⚙️ Consider splitting large files or lazy-loading.
• 🔁 Refactor to increase your overall score next cycle.