import jwt from 'jsonwebtoken'; export function authenticateAdmin(req, res, next) { const authHeader = req.headers.authorization; if (!authHeader || !authHeader.startsWith('Bearer ')) { return res.status(401).json({ success: false, message: 'Access denied. No token provided.' }); } const token = authHeader.split(' ')[1]; try { const decoded = jwt.verify(token, process.env.JWT_SECRET || 'fallback_secret_key'); req.user = decoded; next(); } catch (error) { return res.status(401).json({ success: false, message: 'Invalid or expired token.' }); } }