p0-auth-admin-user-roles

done type/backlog

Backlog: Auth.js — admin + user roles

TL;DR

Implemented Auth.js in ~/Project/lumendev-core: Google + email/password, JWT, Mongo adapter, admin / user roles, selective middleware (public / vs /admin + booking POST).

Acceptance Criteria

  • [ ] Google OAuth works in dev and prod redirect URIs (prod pending Vercel URL + OAuth console).
  • [x] Email/password sign-in and registration (minimal validation) works locally.
  • [x] Session exposes role; admin cannot be granted by public registration alone.
  • [x] /admin/* requires admin; booking POST requires user or admin (501 stub).

Shipped (2026-05-21)

  • Repo path: ~/Project/lumendev-core
  • ADMIN_EMAILS allowlist; register always role: user
  • Docs: repo docs/utility/authentication.md, vault context/authjs-implementation.md
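The role rules in the acceptance criteria and the shipped notes above can be written as pure functions that are easy to unit-test. This is an added sketch, not code from lumendev-core. It assumes ADMIN_EMAILS is a comma-separated string, that the allowlist is applied at sign-in and only to a verified address, a hypothetical booking route /api/booking, and 401/403 as the denial codes.

```javascript
// Added example, not the project's code. Assumptions: comma-separated
// ADMIN_EMAILS, hypothetical /api/booking route, 401/403 denial codes,
// and admin promotion only for a verified email. Sample data is constructed.

// Normalise the allowlist so " Owner@Example.com" matches "owner@example.com".
function parseAdminEmails(raw) {
  return new Set((raw || "").split(",")
    .map((e) => e.trim().toLowerCase())
    .filter((e) => e.length > 0));
}

// Public registration: any role field in the request body is ignored.
function roleAtRegistration(_body) {
  return "user";
}

// Role placed in the JWT at sign-in: admin only for an allowlisted address
// whose ownership has been verified; everything else stays "user".
function roleAtSignIn(user, adminEmails) {
  const email = typeof user.email === "string" ? user.email.trim().toLowerCase() : "";
  return user.emailVerified === true && adminEmails.has(email) ? "admin" : "user";
}

// Returns the denial status the middleware would send, or null to let the
// request through (the booking handler itself is still the 501 stub).
function authorize(method, pathname, role) {
  // Exact segment match, so /administrator is not treated as /admin.
  const adminArea = pathname === "/admin" || pathname.startsWith("/admin/");
  const bookingPost = method.toUpperCase() === "POST" && pathname === "/api/booking";
  if (!adminArea && !bookingPost) return null;           // public route
  if (role !== "user" && role !== "admin") return 401;   // no valid session
  if (adminArea && role !== "admin") return 403;         // signed in, not admin
  return null;
}
```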

Priority

  • p0 — unblocks booking and admin backlog items.