Bas van Rossem 02b7522b87 feat(api): include role in /api/me + allow admin origin in CORS ...

Add `role: Role` to the shared `PublicUser` contract and return it from
`GET /api/me` (defaulting to 'worker' when the session user has no role).
This lets the planned admin app gate access by role.

Also add the admin dev origin `http://localhost:5174` to the default
`WEB_ORIGINS` (env.ts) and to `.env.example`, so the admin SPA on :5174 can
reach the API at :3000 cross-origin (drives both hono/cors and better-auth
trustedOrigins).

2026-06-17 18:53:39 +02:00

453 B

Raw Blame History

View Raw