From ebd4e40a414136dabbfaf18814db0e1177de82d7 Mon Sep 17 00:00:00 2001
From: Erol <erol.haagenrud@envide.no>
Date: Mon, 2 Mar 2026 09:05:18 +0100
Subject: [PATCH] =?UTF-8?q?F=C3=B8r=20mandagens=20fors=C3=B8k=20p=C3=A5=20?=
 =?UTF-8?q?=C3=A5=20l=C3=B8se=20innlogging=20til=20kontrollpanelet?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/__pycache__/main.cpython-311.pyc | Bin 7814 -> 11659 bytes
 backend/create_admin.py                  |  44 +++++++
 backend/main.py                          | 154 +++++++++++++++--------
 backend/requirements.txt                 |   3 +
 frontend/src/app/admin/login/page.tsx    | 102 +++++++++++++++
 frontend/src/app/admin/page.tsx          |  91 ++++++++++++++
 frontend/src/components/Header.tsx       |   2 +-
 frontend/src/config/constants.ts         |  25 +++-
 frontend/src/middleware.ts               |  36 ++++++
 9 files changed, 399 insertions(+), 58 deletions(-)
 create mode 100644 backend/create_admin.py
 create mode 100644 frontend/src/app/admin/login/page.tsx
 create mode 100644 frontend/src/app/admin/page.tsx
 create mode 100644 frontend/src/middleware.ts

diff --git a/backend/__pycache__/main.cpython-311.pyc b/backend/__pycache__/main.cpython-311.pyc
index 105c763d842569c4043ce85db90262b102ffdf4f..0cdd5f3aec057c109504798b6dba0a7fa4f5fa10 100644
GIT binary patch
literal 11659
zcmc&)eQX=&dB5ZFn-nQgUzR0X=MPz;W6@tqW-DKlC8}~PORl6QHj|E^ct?s7zjAks
zEtziA#9i4=Xq3!@)h<P~qRE^^!}8C7U|4}VO^5z7fDAa8JHSBEA;9t<J$r!BzxI3Y
z_;sYDWI(zdkI&t`pU?Z=-S782&wGE{)MTZw{d@N35vrS_{)1eUH&f~4VOB>`w<(VD
zQ5?<bqI68>)5RDc6Vv<jF@w(#Gy04%lg~txd?sp+S$r1dTpzW@Y(ATEZiw1_cH|qP
zO}-}O=<qp|qtoZa(HL!xHT#-lExwkR%jZ(+n4+z*HeXw;-Pf*Mo1-1EPG6^TZi()R
zb@{qzN=NZs??crO%X(8vnsae)If1isw)ZiH5AjzwUpH#imaub8btQT@hi@NBb#l%y
z%{6be)aCEzTsJ9SFK^>od0j}ywcXTfweYd1t>fBxcB`YV?g9S5=E1TqwMX6(rnt_Z
z)7&1e3%%mMwfB7kG{;}vXbN=?m9J`#T=)AlO5(3>Tn~R3dhKh_t8d2^_BXb`_44|V
zo?{zYIf7RD%YD@zxdU~r9K1=@&CI}#br03mJ<Pi?hQ5a0kM7vQk-8T88+w0&Gt5%%
zfz&@?s;qNfFFQRx&Yl|?z2Kc1V@EEXXJ0$*dCK!7JIKyWc-isuQzMh?#gW-L?+p8*
zcV_nd^pth*>)Wg|-fws(*^|TUIU%*giju$%M3$C#au$h)-E1f!u+nmpA6$sUC8T&t
zHBJq)=i^J!6vqo}AR0x5)cmU{UWo9bQfEF8=S3+Xr9?InW*1V?=pYx60_EzbhuN9L
zd`gtq7iOoY29p6nMC0rLx{C!QzmT}9cKz%3Sai$@JUcEV;u0U{2A70@xL9syXqbKB
zrMW?o7Z($8s1gl?1!xdqC+6lZ4JP8zWj2^dEI}*J*E(%qkY~<qluhFSQNmr5n@ES=
zYe7CKMG|q@Jj090L|o)$<EYZVY#QT}P+ycyGdw0rl-#uJ7@eM(y%^!RD1S8|@JMM5
zh|BR{kPP*j6br-yVP2SWGqM?z$4ikIFYC#fY$4|yAC&@boy;s=m1HyK!7B&}0j=0a
zh2^9)s<wh_TQm{i{9FR__nK@U8<`t9H!|z>e`{uP<@sbnl*pXD8XZ1<T;lmeDC7@t
zu}FNlbRqIVftUQrfGA!~2;84?^TSULojz46D_ha8f7UxX<DHX_h^Ztm_)9f{3xRl;
z_e%>A(I1KXlR|<^1(n$`Ow68o@+r9~Ilsh(PWi=!0J+o$Qc?oLF^RziKE{i(mE)5F
zAH;aMU<Ft(??(I?{2%^Ep@uZIs^jQcN~$T7rnE2O4N%7z_3fz}I*HUQZE1S50?Oqy
za!l*AwI$MHX_L(5Gl~l7w9qQ-OVepxSEaya1vo27IMKopsqqX_*QNo!%+Ki?OqzkF
zksJE7K25(y2|<+5SKGW{NE=p-VTz<G^*S^oGD!AnUv=6YmYmhR#mYF+2JL7oEsq`o
znN@qbLaj|+W3EtF>AD_W)mF7ViiT?KwMC3ikMSAP#xEaV<o|4Z)t+`7Uv+p?{rIZ2
z*A~-w2Hl30?^{`HF9yUV;1R(*HY5a;llg$i$A^{dlOFa$BK{gLNW7pHOW+_yqU`zE
z=|L3*Jxa+_9`+K@5xFWPM?w*vQ&3YW&M!$kdudr(NW=#d^NZwCP%BR1RccWo*q=%g
z)ZqL9Nw(r`E}gs0vNM=Sp>e-j4)2^vO~6T*z`C$3n}H5|Jj4TfLV;IB*(@$3q?JS>
zCfmhCFcOIRqmlTMC>s_MQC@WGWlJE&$0HIjS7u(5!m>FohW%tBWJfp=4FzHefmg2G
zR-joV2%RE8f2a@-@-h?VC4oG{f(=5pM8t$T9WsLnkoAiq;MG6?O_cS~2yoOSGvEuE
z=457xUzVFm3FstBeoR#q#SF?3$^@dNT+(YPS0siexntP=U_Ty6CXdGgk+>(hEL*E=
zB%DR5Ui`(kfHJF8(N39dtJe$8){OMI*`AsGfo09II#M)J&8Lf$&M=^e40GSsz8<*E
zzr$~gzP)&B@x7tH-;+IfDrY;Lx1k(u87Q=Otc$l^yw~3MS$kiuy+7aHpBc#ne=z>I
zXk_*ni&R-;^=(Bn<vLiTOom}aWDEsc^ZH0;I5S*uwXS<_4P-_OPFLporm!)x!T)$-
zW8!{G_r~aZt+|%Id`lnNY8t-J9{z>(&gs8#{=&Kb&GppVm)9>pE;RRTp4y-{`hINQ
z!0++n$M@TNH<|b5a_vX+?MJirvmXg}M(*$*Oh74W&kJ<6^E}!0ZH1Nt|G)bD&Sqbo
z5clB5eA3Z*&ZGOpV><UIhEI*1WBYZV?l+C~8)OEzw2?l5`wtJ}R$c(a-KH!W@>r}8
ziKIu%r43$!j$^j;?<4KQO8T4dOs+F8Qn#5u*Qcq)3c2_zB_#43m)od=TAGR<IYiY$
z_F+osx<PB|7}NA$Q$MYvBpLwu2F+17=<m>1>8q3q%pCO+1zl+5*66ZW(PgvjRh1P|
zj#@&h9T9vT3ZQ11`hqao7i~lk(jgWJOa#9eS>bUOxTc-~O=2)wI6tvY5-BMKr;hsl
zyWeBS@b(k*W0Q$QluaZ->k{ml6k(3v|8%XAAL1j?VHUV#QtY5)ShlHf<tG(o<JdW3
zw8#bmSHL4B(U63tD#@0r@nr}`6C&@{3Bzb!rg@Q&Jj)7a$fY?N3BfiC#DxpEd;x#)
z9>jm*hu7L@GBn@sJ(BM|b>HsV_~sqg$1_Dn$66my5RZt!i@kSekzv*>YmWamQWi(n
z@kGviEN?!RRrbgCZEXY;nycczxhd;7vUw5$d(PaSH}_}F{RM|JW5P@LxM)Ceax_u~
z>#A4%6|7Bb?lsRn>;BKI`*T({Z)LOk9e1%4W4rmx2u<Ckts{q-ySBEGUgmDE0p}|%
zb38vC3e|WWpbUc)k%0STa@@>H`+_7TMOcRMW!|G2gr0a}rHv#vq$-7x8chTP(FNF*
z!>3Q2I58*FN5KkBpp(Q^e?o|af%S5WdWpNs@o+2xQL$Vi#)Hg&+NBB$d;mU%xZ(sf
zM~=fpTtNG1LNSB`nitywo!`X&;Sg@P`eIACEN|7<da+{lZB|~`aw&4uz7Rvyn>0t4
zU-BC?tj5X<Ra=YGrK#;LK912^SXwIrFI=^CU0Np$)dIryuk4OJ>9swjb)2DUJ8JtC
zTcnn%{+y9BZJD(t-k_z{YKcW9SVOMSDpPHhvq<DAD{YGv`%^oM62XGf##y&)T0K{g
z!`a_uq@HpaijwwM&$pW1$DR7Ha<^_UoFmO}&UbY|*#6|F)%;DQmhTu12s=cbq-xVd
z{Z*X`nKX3;6hMMH0J`RtCub!-O#I<l*iuU@@p|C&5FZwhl@f@LDe<wSUrH?TamCX;
zH9q2*T6t>LJLw&rV~?`qGt(DY#e)*rmnOV3UN!~mEe@lIeU?3ZlAWGmc~}@x<w`b}
zGi7tx!-8K_^0oX60de7rw?RiM?6<<pQ7#f@=i#T5=3a}lJTcJ9Dt@4oZ6#|jnBd@d
za=e6I<^%<=Y1st4PDwD(7#LEidD#S?o4j{2!(U5&K*MT_hVgPr3o)5F6(Vk>UX=Kx
zY^@I0-K-$0;Kh9r#vuUH!B<le0UQwGrQib0FyRT3ZcAR}{3S0|Hp0w}gq8*J(g+Tc
zZRF!bN7ceJrlepT6`M$oRrMtO7ra+w%gE$6rf1I2O<Z*Ag&C5oN0TuAl*tu>ND)b!
zEH)L}VHN@zgg6o-B==*?oC@qf<mT43<+bnJbM}4a?8`a(^UnSv)nqukySOt{=-7KZ
z_D-x|A1m0K-<tU0#JVqMXY+RUfr04+B|yNiYS~$23`Hx|+)k{$SLmN!xYy(PtjBXl
z`iE<OckN?q?)Yf__~@^`_1ow3-j{PdujG4PQ48L8_1+oHp7CW}FXvn@=Up#n?Js}c
zzUP*&(AKqaG~d?u(cxcS`{&nl&tJ+vf9c<5U&->J>})tU8_q*MAI{nru-~_Lyyq?&
zm=5q41eEQtW~?wHyY}DlWu0fR7rPth-~pMJM_)cUyHDNjxrEks?Lj2A!PcmG%*1?Z
zvW~TwK5e5RSK6vPpgvcFcv@vMA{a`%C0K!WR3|R(oA^I;062EH^Z=-}HBm|304#Wj
zs&UPoLIH@C>gpg0P`*Q(b#!opiFXiJTVwU<Im4Dw3u<rBCHK1mu@tpfvFNG}{U#y8
zhD{5{3aOdO5J`d!n-zGkt;(6xj8+TKRkfaBd+1LaI7^ivv@=Ko0Gs4xZ`gLc2Ucwh
z+AGjlt%a@UY>o3)8yZ?95TtBrMj|d<X<KYApJ``GI#f<46a^yEJP!(SIo{Rn^jvH?
z>z)b|%!itQNln|$X%pANxwzJ?w)&_$*UoiBXi%Mr{OaxpQp@+ThUzM5+fbbeRM)w3
zRG~Tqa#gCEo1VKwcus_A4k3z&W0r!a9tCU>NVHZ+LKI$s>cUG9DdHB)su9>YyATlA
zlob8-$4N=JjEt$3lO<|QNXb%Y@XI(-wpPm$(C7G-rg69iEVy=X3721xHvsw|=78`8
zEPX|pKSQG6hk)%!BADn+8O5B;L<85x-3H+_$uuAikOE~98<s?f5zzoSixGGfMuaX?
zpfjV&qzFZ(f<ZLmZY>cP$1B7|NKRNJVu=Wa*@&}IrAC1xmpp`QNG@YIvYt$^5GKhB
zM39G8AT(8CKFm8Plf<gsW`*vA1TqOvFOz78Fh`0;iHMPOy+j(dg(7i8U=(XaBydN_
zkZdX;T2+Yj10sd*A@@4|VjF<2?C$6dlk|O8`>mrJb3eQMlgpdY+`iNKeW(A?_peue
zdm-z(oO4~yyDn!;h1R{dpMK}*ja06+FW=giF=xz=i#nRrc68rivO_Oq9T#$r3wg(d
ztoZ`K{d1?Qk#3y^1R-`46}rtHekpq;kn5Pwcg$y->-UV|zO!v@WutG?p5Hr|b9(Yl
zPezYm%v;xgczt8&XJ>wLW^+8({Y1X|iJbFT-g%60>Uj(locggd>zc^9Ci1R{tbOA1
zj;>pag|?peF8{)x>w7BS_tY=De(TDfoy?t`%tQ7~X6+ZTmzlJaFlmYQGd2*rrRAQv
z`!jQQp}BYSdZE2*)B90h(Lh;xP|iXa*Fr1<2s72vwc*Y>4;OnIXW#*ul}Ecy&F&NT
z6>=5EZS1;QQzT$`bHqC0r0zOfM-DQdI7VB&L(Ff6tlsBL|3cG{B{wV-2u7kxh>uud
zmCcAVg>U~0Cx0{t46%)!955|5YaA=A4c|n}WUS7)`&!)x{mPjMc(X9dl_jx2Jj#c|
zEEa0mKp0U}tmQ~-&B7SMi|kSYA>cUgnF@RlyrM*W)fbp$ORyR896iPkXmUu2QZ5O0
z&im2)Ku~n6xY}5@rabXOjv<t+tjsB{N-5yWHuOMhsSZr(b}#!Q9K4p02Zs@?R+d^h
z@GRR87{YoVmU+T_+)suGNb29V#p#(bEM=a%!eUj31X_W4Bm&Kjd1ptDv83hM(T0j{
zHYjQm-E2SvIcZ|ongYtus*fof(vGj9MaZLgX0@GaVhSYgMSS3g#~^N#)e!32EeO!z
zW|g;eor(CiZp}4IeE@z^qQ>x~be<E!NffUQME$|~42e-AVwQYv<sgFI{;IZ~XOs|%
z_#95kWr$HC5|4P5$~sS|`{w9hSvO9<?Y!lzBt0Zrf$6qkBgDaplLodVEF$aSt%<c7
zAv~|qLiiDi-Ns)$h|%uqN7)T0i_~rcz~0_<+xL#INLdfqA5hkgrbk5JvUz8b(HA?Y
z=93uQogs*v^F-cxqS)2g(F4-?qg^%FUB9o8tKes2*VURLiKcAzj~rp{9<h#`Fx@>(
zL#}iv4omgs9=|R|Q{fwMuW`^kYZdrpG2eeQ_}n#qRcBh(MW*UZZHCit8MHMJF{&}`
z>(^1gR<Jd$e4_-m#9*z(TJkvp!62dh=>a>SL`}$d0plujEsrVDkryNURX4ErFJTgC
z;NyRbz3O__SHR!k_GnJ9mTV2EzM!;>piv1m)oTw~YxBobv3U#<*yYwJuQsJh1qTO8
z&6a{w%0gWU+DjO!0DBO??q<~<wrx;BU8VN6*%~?tY5}*blS(K-Pw9QArIc;kBs?<!
z#k6GcEGr2qo`lknSE8Y*={ffN6g#jz7ae2!Q%j2==YF?)``M~YaYJt^HIdobiJX+1
zq|v{IptQ`@NK7S;^$<Kzf`XNXBDVkpD=p{nEF;#aP%KNn&QTmIw`n_&S6mL&Avp^;
zax=nPIH-PuLP3axP`DYYe_*dc{AJ;7WZl7EeCEsWzRl2Eq;?a)`?fu|FTQiJNI4GK
zi#?RX^<bZ)z4Z|Vfi&mNBEu9}1nY>&eo-~qvuEInOy*pZc^Ay_$<Li#8;5@I`r7M7
zccTgqh+2<!)opjpze29U1dUx+YpP7}+{m-c-Dj=mOr}q)G~|j+VFD~@M5P6d-Ap1+
zirq{?6Dsf{q^*mPkTf$Tq>(C{)OyQ823M;13v#9`YT4CHKR%oZE(y1geiwg54VAZl
zXK!1NWNl=fNFdeR$7GWqUjzmHe%TblH%wSu5y+#VK03te5eOX#B)lXL$5QSr74yU@
zA1rx-2|*M{v<aUTs9zgJBl7|YBnjt;@DTAj$=4-B)#D|eyXx`k7qLpG_|*dWE=6{d
zus7<XRps+1fdpg_$5uXD5(v4<Mm(?hhDjJBja2>b5V<6eyRvMhF8etG9Otj9N)`+8
z{eYVkiW5QHVI^3tm^s2Axg;-uGJAFN`v>zgF?_rf<)0HaQ3P)XCH@9Ct;o<cUDTOr
zeUT!fjiRUNEH(Aj_X2e)tKAFK(X4haP>xmQSD<XG%CA7#SCwCZvaBk<0_Dl>ycekb
z+3ofMHIUWrjU|6aI{j|b&8F2RtV3E`Gp@C+_2;sOxSWO0TliIDp{XM?vvy@Yo$b4r
zYnsY8O|4oB_SRKP!Lc_J-JH%I8v0d7)-jQDOynICtG1%vO~d4?h!^p}Y<p2>qYrGD
ziWCl2@qj^Ao^Dfei+d@PV>O&@>;GsVYkWFqd^&G@dX<4vwEiCD`iycF^sb^#--?eW
zD#A*2b{ASZ*83DuY^CT{7@xEb#wV?V@d?p`McMD~d1Fu3+MT0&@^nv8=cLcBb8w7l
ztPYd~(Pdvbw|KBpiOtam@=#jWN%w6G6)7C<oKX%{LFyhX7b-qQ>UO@-nYHZA(cO8v
zyQp)}u%97FL8wqlVJig><Y?4CSk!gUy&JPd3Wus7l@672iziBzGW&9LXP)jvl!i<x
O1Sz*ilcFRmc<?_qY1_#F

delta 3327
zcmcguUu+b|8K2pIw|Blf+jsWa=8wI`IB<s80T-|%^5<+597r81+)ys5PV3w8dAaqj
zv%6=5Wpb86BBJ`i$)<v;R7xsAkwPmf+B~#sC20E8movJS(@K_5^U^+4T0|mQd8qo$
z9%uf9v?vdqo%!vzGvCbjXXg86fAsph&lP_WiG&c8U%mFRisJ}<PCsfzxJTUmBSz>P
zQjmf*G>y}Enn^R5elr?7&80b?W;K3VNDDsAX@PVA#yL$)i}2>P;B+V*nhvIeFfOF)
zl)xF34wFGa5ec4Tl;9ce5=i@`CK{z93?f(wk;s+0OAL%atCn<>L_ex`QcS!X5l#u`
zaIIa5T;hNeTD4#VoDGySiInIiFya$v)uPm&L61mmta0}trQs3oMiK)pV_(xUUYk=y
zO8k*IO<$AHM4FZ6yl;uw=DR16PJo?>6D>8pNK{EEEmvAEv7jxqY5}KlNBx#;`zP&6
zGH&1{*|JkdUUnm+<Ksty2To?mjIA2F^KWiPBja+4Y!g?cXsgr2d7DqQWY^7yCFt%_
z0e3%ehJ?TF&cX6O$EUdkb_D(K#A$wkU%<1-R2J|8-v(^ea#~mr7KI$5y-q3+=LI{A
zkaMRY!I|Ab<h&VZ85SP)17+P0vzJD?5JuIh^!qqk`tC{gIGV%ux}69u2zIQx;DE*7
zXI{!LaQ|B`_1o)Jo%&z(0-dR$35&na40_?CD9O)%?A#K+cW``G)pNv@Y?8O^rw<){
zbxhiB*(P+VlPXap+LM%wS<0en63N>{I&#XMGIYt9I6*(nK25cp?+5=Z1VElCI#OtK
zbHfSC&@+mfwKK4crdTfTzg>1#)|_`j+d|ucxel6j#rZU(?iSfr!9z7DaZR4c(4HF5
zo)C&{@lYM#?t}9}U0boTaq}`>?tWif7FQcLo*%v#Uuo<vH+FkSh_rhQ+qh-5qwB)_
z<*uI;FBF$k%jEsh<<T{d!Hrug9i6of=vrG_ZSMGpy*R$o+*5Au@eq!*uP?sl2@i=r
z%U9|emQ!b+bw=wN{$D!Wt_v@YTCL!+8yj1O`k5R3fua5UXJW8rL}EUZ0wc+5O86~&
zggW-`7v7OZWLut)EkgG#Z%k;!mW-S<V;Gub%*>d?hA=C1Qs$p6tus#&*yMt)z;*+Z
zWy_}RB%+6lN#Juav1lfcBy$`66g72{STnM2J`112&@30=AMh+9PYCf1s~u03J9e*z
zW0mGarMacDsoe|mQs@o>_=19m_zm9-XW6CTQuNC(3N}Pb(Sa3luq+Oi{ObHG+8Wz)
zwX+o619e5*TNd}0#Jx^SeLKGG?5#hvtA3o2S0^VW$T!k#fA1d1KfJBl8u7JtaZi$U
zBeJF$a~Z=_bE@t{8lJlLyUlI5v2T><aIPg7B~s4NCY{^u9oNDgf5WZRxv&z``-~}3
zgKPe9zLNT}?(}x{j!{>c-=VMvzzxXRHw&ssAOMJ+or1|+*3fmAGmSZGeLm%k<_JWK
zoK-c|R*7XEg3ipfi=97Z#$LXskwR=)I{~Uq8m0t0C|NVaf<VpNzMitKkz7tv^}JSq
zEwrl^OvpOj&YUz=(6lkxVVs7J7q0zf>l;k_rh{Nzbru{CI3tpp&l72~pzFj=I%Dy~
z8_9tAutnxeR9Vrt25d0t<z@PQVa>yo9;F}wSTsvYwc`?gz`RrD5g3|re!Oid@dLaX
z>$p5z8hEV~JGK%#R*oGjg^xM=w%=@`3IA<qcL(4aI1IV?911$0Z+<TXw+pLq3V(rd
z?sUD<+J$WYp8!~)Y(?g#(^wJgi1P<&Ls1D_V6x0{_!T&f--6Uveb3=JRL$i{u|Tyy
zpy!DuS&-85zIXq0QG(c!ZT|p)^G1dwjX)Y4n-`BBc;&$GxU|a+Oc7bLr%t&+x}_v*
z69x8HfUvO(mVcAU6GaF?H(1c`u_hUF9HhBCF-^n#2ImIINs=wV5!?r?<|Y7`=DT$e
z=!XtXxVmm8J4Ld2^EeE@M_FueSTzufp1|`1tMSB#gC9PBE1tX=Pp-swl;b-fw+4ss
zli+2$5=)%h`N7Wf^DD8Qa;&EmeoU>jZ@c<>DV~Dr@%NW5J}BXiFY}8hmi*w{Z%G$@
zVUXXSWd7Qh0tz=n^5+NcLuEtvZ`rG<UkkqxO7;6_6(6mz{F=wYEO=Wl!Umj4ruxw@
zrIf@LuSa4)Uzb9up1}1UmeNmSO85G7e`u(Uz5ZO|P!oG2ih;h-!~?owCNnLodL}a;
zc&68X)E7Ja<ikxFmhEyghG{2T-M}RLRLL`{NrTM~Mz`f&SMRi{D9-Pb;UW)XZU_#k
zO-|aHI$_etGIvqfOhKgJU*G+dqVeFTNk8=6sH`X%x|T-fWRsX1=rGMr{?YV9**|$y
zXI-8qnT#7K%&J+#)Lqsr=;rVcWj;WG-W*?v`=<@1ppoZI1wQF7p7kjpco5?X>M1?0
zI_!>tVpj=0ro!zUI*b<ukK2nQ9$JSPjF@JRsmGn?10I6ceYnHIP#HJ*quv%2h%V+z
zP2E?;k}$X;43>q#MHZID+$|KliDDHlR*5H;JG&`X!3!cBhnoyDaFbyMZZd$Vv$oSX
z7Qk?N0H~1GGH&r0+7m-u`0V^mwyngr!Fr2h^r>+5iwDmfUS`iHFK;bzeJfmFnd<|h
OT0I_d8-U;U-G2aUgJ>!M

diff --git a/backend/create_admin.py b/backend/create_admin.py
new file mode 100644
index 0000000..7144314
--- /dev/null
+++ b/backend/create_admin.py
@@ -0,0 +1,44 @@
+"""
+TEE OFF ADMIN GENERATOR v1.2 (PBKDF2)
+---------------------------------------------------------------------------
+FUNKSJON: Genererer SQL for å sette inn en admin med PBKDF2-hash.
+BRUK: docker exec -it teeoff_api python create_admin.py
+---------------------------------------------------------------------------
+"""
+import pyotp
+from passlib.hash import pbkdf2_sha256
+import getpass
+
+def generate_admin():
+    print("\n" + "="*50)
+    print("   TEE OFF ADMIN GENERATOR v1.2 (PBKDF2)")
+    print("="*50)
+    
+    username = input("Brukernavn: ").strip()
+    email = input("E-post: ").strip()
+    password = getpass.getpass("Passord (Ingen lengdebegrensning): ")
+    
+    # Generer 2FA hemmelighet
+    otp_secret = pyotp.random_base32()
+    
+    # Lag hash med PBKDF2
+    print("⏳ Genererer sikker hash...")
+    password_hash = pbkdf2_sha256.hash(password)
+    
+    print("\n" + "✅ GENERERING VELLYKKET!")
+    print("-" * 50)
+    print("KJØR DENNE KOMMANDOEN FOR Å OPPRETTE BRUKEREN:")
+    print("-" * 50)
+    
+    sql = f"INSERT INTO admins (username, email, password_hash, otp_secret) VALUES ('{username}', '{email}', '{password_hash}', '{otp_secret}');"
+    
+    print(f"\ndocker exec -it teeoff_db psql -U teeoff_admin -d teeoff -c \"{sql}\"")
+    
+    print("\n" + "-" * 50)
+    print("2FA KONFIGURASJON (Viktig!):")
+    print(f"Brukernavn: {email}")
+    print(f"Nøkkel (Secret): {otp_secret}")
+    print("-" * 50 + "\n")
+
+if __name__ == "__main__":
+    generate_admin()
\ No newline at end of file
diff --git a/backend/main.py b/backend/main.py
index 4aa0feb..b9f3021 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1,100 +1,156 @@
-from fastapi import FastAPI, HTTPException
+"""
+TEE OFF BACKEND API v3.6.5 - THE FINAL MASTER VERSION
+---------------------------------------------------------------------------
+REGEL 1: Bruk str (ikke string) for type-hinting.
+REGEL 2: Inkluder alle subqueries for banestatus og hull-data.
+REGEL 3: Robust JSON-parsing (format_row) for å hindre Frontend-krasj.
+REGEL 4: JWT-sesjoner lagres i HTTP-only cookies.
+---------------------------------------------------------------------------
+"""
+
+from fastapi import FastAPI, HTTPException, Response, Cookie, Depends, Request
 from fastapi.middleware.cors import CORSMiddleware
 from contextlib import asynccontextmanager
 import asyncpg
 import json
-from datetime import date, datetime
+import pyotp
+import os
+from datetime import datetime, date, timedelta
+from jose import jwt, JWTError
+from passlib.context import CryptContext
+from dotenv import load_dotenv
+
+load_dotenv()
 
 # --- KONFIGURASJON ---
-DB_URL = "postgresql://teeoff_admin:teeoff_secret_password@db:5432/teeoff"
+DB_URL = os.getenv("DATABASE_URL", "postgresql://teeoff_admin:teeoff_secret_password@db:5432/teeoff")
+SECRET_KEY = os.getenv("JWT_SECRET", "super_secret_change_this_in_production")
+ALGORITHM = "HS256"
+pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
 
 def format_row(row):
     """
     Vasker data fra databasen:
     1. Konverterer datoer til ISO-format.
-    2. Tvinger tekst-JSON (stringified JSON) over til ekte Python objekter/lister.
+    2. Parser stringified JSON til ekte Python-objekter.
     """
     if row is None:
         return None
     
     d = dict(row)
     
-    # 1. Håndter dato- og tidsformater for JSON-serialisering
+    # 1. Datoer
     for key in ['status_updated_at', 'created_at']:
         if isinstance(d.get(key), (date, datetime)):
             d[key] = d[key].isoformat()
     
-    # 2. Definer alle felter som inneholder JSON-data
-    # Disse må parses manuelt hvis de kommer som strenger fra Postgres
+    # 2. JSON-felter (Lister)
     json_list_fields = [
         'course_statuses', 'courses', 'gallery', 'greenfee', 
         'faqs', 'shotzoom', 'social_links', 'holes'
     ]
-    json_dict_fields = [
-        'amenities', 'vtg', 'nsg_data', 'golfamore_data'
-    ]
-
-    # Vask list-felter
     for field in json_list_fields:
         if field in d:
             val = d[field]
-            if val is None:
-                d[field] = []
+            if val is None: d[field] = []
             elif isinstance(val, str):
-                try:
-                    d[field] = json.loads(val)
-                except:
-                    d[field] = []
-            elif not isinstance(val, list):
-                d[field] = []
+                try: d[field] = json.loads(val)
+                except: d[field] = []
+            elif not isinstance(val, list): d[field] = []
 
-    # Vask objekt-felter
+    # 3. JSON-felter (Objekter)
+    json_dict_fields = ['amenities', 'vtg', 'nsg_data', 'golfamore_data']
     for field in json_dict_fields:
         if field in d:
             val = d[field]
-            if val is None:
-                d[field] = {}
+            if val is None: d[field] = {}
             elif isinstance(val, str):
-                try:
-                    d[field] = json.loads(val)
-                except:
-                    d[field] = {}
-            elif not isinstance(val, dict):
-                d[field] = {}
+                try: d[field] = json.loads(val)
+                except: d[field] = {}
+            elif not isinstance(val, dict): d[field] = {}
             
     return d
 
 @asynccontextmanager
 async def lifespan(app: FastAPI):
-    # Opprett database-pool ved start
+    # Opprett database-pool
     try:
         app.state.pool = await asyncpg.create_pool(
-            DB_URL, 
-            min_size=5, 
-            max_size=20,
-            command_timeout=60
+            DB_URL, min_size=5, max_size=20, command_timeout=60
         )
-        print("✅ Database tilkoblet og pool opprettet")
+        print("✅ Database pool opprettet")
     except Exception as e:
-        print(f"❌ Databasefeil under oppstart: {e}")
+        print(f"❌ Databasefeil: {e}")
         raise e
     yield
-    # Lukk pool ved avslutning
     await app.state.pool.close()
 
-app = FastAPI(title="TeeOff API v3.5", lifespan=lifespan)
+app = FastAPI(title="TeeOff API v3.6.5", lifespan=lifespan)
 
-# CORS-oppsett slik at Next.js kan snakke med API-et
+# CORS - Tillater både lokal utvikling og produksjonsdomene
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],
+    allow_origins=[
+        "https://nye.teeoff.no",
+        "http://nye.teeoff.no",
+        "http://localhost:3000"
+    ],
+    allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 )
 
+# --- AUTH ENDPOINTS ---
+
+@app.post("/api/auth/login")
+async def login(data: dict):
+    """Steg 1: Sjekk passord og returner temp_token for 2FA."""
+    async with app.state.pool.acquire() as conn:
+        admin = await conn.fetchrow(
+            "SELECT * FROM admins WHERE username = $1 OR email = $1", 
+            data.get('username')
+        )
+        
+        if not admin or not pwd_context.verify(data.get('password'), admin['password_hash']):
+            raise HTTPException(status_code=401, detail="Ugyldig brukernavn eller passord")
+        
+        temp_token = jwt.encode(
+            {"sub": admin['username'], "partial": True, "exp": datetime.utcnow() + timedelta(minutes=5)}, 
+            SECRET_KEY, algorithm=ALGORITHM
+        )
+        return {"step": "2fa", "temp_token": temp_token}
+
+@app.post("/api/auth/verify-2fa")
+async def verify_2fa(data: dict, response: Response):
+    """Steg 2: Sjekk TOTP og sett session cookie."""
+    try:
+        payload = jwt.decode(data.get('temp_token'), SECRET_KEY, algorithms=[ALGORITHM])
+        username = payload.get("sub")
+    except:
+        raise HTTPException(status_code=401, detail="Sesjonen har utløpt")
+
+    async with app.state.pool.acquire() as conn:
+        admin = await conn.fetchrow("SELECT otp_secret FROM admins WHERE username = $1", username)
+        totp = pyotp.TOTP(admin['otp_secret'])
+        if not totp.verify(data.get('code')):
+            raise HTTPException(status_code=401, detail="Feil 2FA-kode")
+
+        final_token = jwt.encode(
+            {"sub": username, "exp": datetime.utcnow() + timedelta(hours=12)}, 
+            SECRET_KEY, algorithm=ALGORITHM
+        )
+        
+        response.set_cookie(
+            key="admin_session", value=final_token,
+            httponly=True, samesite="lax", secure=False # False for utvikling
+        )
+        return {"status": "success"}
+
+# --- DATA ENDPOINTS ---
+
 @app.get("/api/facilities")
 async def get_facilities():
-    """Henter alle golfanlegg med aggregert banestatus"""
+    """Henter alle anlegg med aggregert banestatus for kortene."""
     async with app.state.pool.acquire() as conn:
         rows = await conn.fetch("""
             SELECT f.*, (
@@ -111,7 +167,7 @@ async def get_facilities():
 
 @app.get("/api/facilities/{slug}")
 async def get_facility(slug: str):
-    """Henter detaljer for ett spesifikt golfanlegg inkludert alle baner og hull"""
+    """Henter ett anlegg med alle baner og hull (brukes i FacilityDetailView)."""
     async with app.state.pool.acquire() as conn:
         row = await conn.fetchrow("""
             SELECT f.*, (
@@ -130,20 +186,10 @@ async def get_facility(slug: str):
         """, slug)
         
         if not row:
-            raise HTTPException(status_code=404, detail="Golfanlegget ble ikke funnet")
+            raise HTTPException(status_code=404, detail="Banen finnes ikke")
             
         return format_row(row)
 
 @app.get("/api/health")
 async def health_check():
-    """Enkel sjekk for å se at API og DB lever"""
-    try:
-        async with app.state.pool.acquire() as conn:
-            await conn.execute("SELECT 1")
-            return {"status": "healthy", "database": "connected"}
-    except Exception as e:
-        return {"status": "unhealthy", "error": str(e)}
-
-if __name__ == "__main__":
-    import uvicorn
-    uvicorn.run(app, host="0.0.0.0", port=8000)
\ No newline at end of file
+    return {"status": "healthy"}
\ No newline at end of file
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 53d979b..ff5702f 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -8,3 +8,6 @@ playwright
 playwright-stealth
 apscheduler
 python-dotenv
+python-jose[cryptography]
+passlib[bcrypt]
+pyotp
\ No newline at end of file
diff --git a/frontend/src/app/admin/login/page.tsx b/frontend/src/app/admin/login/page.tsx
new file mode 100644
index 0000000..a3587fb
--- /dev/null
+++ b/frontend/src/app/admin/login/page.tsx
@@ -0,0 +1,102 @@
+"use client";
+/**
+ * TEE OFF ADMIN LOGIN v1.2
+ * ---------------------------------------------------------------------------
+ * PLASSERING: frontend/src/app/admin/login/page.tsx
+ * FUNKSJON: Offentlig tilgjengelig innlogging for administratorer.
+ * ---------------------------------------------------------------------------
+ */
+
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+import { API_URL } from "@/config/constants";
+
+export default function AdminLogin() {
+  const [step, setStep] = useState(1);
+  const [formData, setFormData] = useState({ username: '', password: '', code: '' });
+  const [tempToken, setTempToken] = useState('');
+  const [error, setError] = useState('');
+  const [isLoading, setIsLoading] = useState(false);
+  const router = useRouter();
+
+  const handleLogin = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setIsLoading(true);
+    setError('');
+
+    try {
+      const res = await fetch(`${API_URL}/auth/login`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username: formData.username, password: formData.password })
+      });
+
+      const data = await res.json();
+      if (res.ok) {
+        setTempToken(data.temp_token);
+        setStep(2);
+      } else {
+        setError(data.detail || 'Ugyldig pålogging');
+      }
+    } catch (err) {
+      setError('Systemfeil: Kunne ikke koble til API-et');
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  const handleVerify2FA = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setIsLoading(true);
+
+    try {
+      const res = await fetch(`${API_URL}/auth/verify-2fa`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ temp_token: tempToken, code: formData.code })
+      });
+
+      if (res.ok) {
+        // VIKTIG: Etter suksess sender vi brukeren til selve dashbordet
+        router.push('/admin');
+        router.refresh();
+      } else {
+        setError('Ugyldig 2FA-kode');
+      }
+    } catch (err) {
+      setError('Tilkoblingsfeil ved 2FA-verifisering');
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-[#f1f7ed] p-6 font-sans">
+      <div className="max-w-md w-full bg-white rounded-[3rem] shadow-2xl p-12 border border-white">
+        <div className="flex justify-center mb-10">
+            <img src="/TeeOff-logo-Retina-1.png" className="h-10 w-auto" alt="TeeOff" />
+        </div>
+        <h2 className="text-2xl font-black text-center uppercase tracking-tighter mb-8 text-[#11280f]">
+          {step === 1 ? "Admin Portalen" : "Tofaktor Sjekk"}
+        </h2>
+        <form onSubmit={step === 1 ? handleLogin : handleVerify2FA} className="space-y-4">
+          {step === 1 ? (
+            <>
+              <input type="text" placeholder="Brukernavn eller E-post" className="w-full p-5 bg-gray-50 rounded-2xl border-none ring-1 ring-gray-100 outline-none focus:ring-2 focus:ring-[#8bc34a] transition-all text-sm font-bold text-[#11280f]" onChange={e => setFormData({...formData, username: e.target.value})} required />
+              <input type="password" placeholder="Passord" className="w-full p-5 bg-gray-50 rounded-2xl border-none ring-1 ring-gray-100 outline-none focus:ring-2 focus:ring-[#8bc34a] transition-all text-sm font-bold text-[#11280f]" onChange={e => setFormData({...formData, password: e.target.value})} required />
+            </>
+          ) : (
+            <div className="space-y-4">
+                <p className="text-[10px] text-gray-400 font-black uppercase text-center tracking-widest">Tast inn 6 siffer fra appen din</p>
+                <input type="text" placeholder="000 000" className="w-full p-6 text-center text-4xl tracking-[0.3em] font-black bg-gray-50 rounded-3xl border-none ring-2 ring-[#ff5722]/20 outline-none focus:ring-[#ff5722] transition-all text-[#ff5722]" onChange={e => setFormData({...formData, code: e.target.value})} autoFocus required />
+            </div>
+          )}
+          {error && <div className="bg-red-50 p-4 rounded-xl text-red-600 text-[10px] font-black uppercase tracking-widest text-center border border-red-100">⚠️ {error}</div>}
+          <button type="submit" disabled={isLoading} className={`w-full p-6 rounded-2xl font-black uppercase text-xs tracking-widest text-white transition-all shadow-xl ${step === 1 ? 'bg-[#11280f]' : 'bg-[#ff5722]'}`}>
+            {isLoading ? "Venter..." : (step === 1 ? "Fortsett" : "Logg inn")}
+          </button>
+        </form>
+      </div>
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/app/admin/page.tsx b/frontend/src/app/admin/page.tsx
new file mode 100644
index 0000000..0b49133
--- /dev/null
+++ b/frontend/src/app/admin/page.tsx
@@ -0,0 +1,91 @@
+"use client";
+/**
+ * TEE OFF ADMIN DASHBOARD v1.1
+ * ---------------------------------------------------------------------------
+ * PLASSERING: frontend/src/app/admin/page.tsx
+ * FUNKSJON: Monitorering av banestatus og administrasjon.
+ * ---------------------------------------------------------------------------
+ */
+
+import { useState, useEffect } from 'react';
+import { API_URL } from "@/config/constants";
+
+export default function AdminDashboard() {
+  const [facilities, setFacilities] = useState([]);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    fetch(`${API_URL}/facilities`)
+      .then(res => res.json())
+      .then(data => {
+        setFacilities(Array.isArray(data) ? data : []);
+        setLoading(false);
+      })
+      .catch(() => setLoading(false));
+  }, []);
+
+  if (loading) return <div className="p-20 text-center font-black animate-pulse">LASTER DASHBORD...</div>;
+
+  return (
+    <div className="flex flex-col lg:flex-row min-h-screen bg-[#f1f7ed] font-sans">
+      {/* SIDEBAR (22%) */}
+      <aside className="lg:w-[22%] bg-[#11280f] text-white p-10 flex flex-col">
+        <h1 className="text-2xl font-black uppercase tracking-tighter mb-10">TeeOff Admin</h1>
+        <nav className="space-y-6 text-[10px] font-black uppercase tracking-[0.2em] text-[#7ca982] flex-grow">
+          <div className="text-white border-l-4 border-[#8bc34a] pl-4 py-1">Scraping Monitor</div>
+          <div className="hover:text-white cursor-pointer pl-4 py-1 transition-colors">Medlemskap</div>
+          <div className="hover:text-white cursor-pointer pl-4 py-1 transition-colors">Bildegalleri</div>
+        </nav>
+        <div className="mt-auto pt-10 border-t border-white/10">
+            <button onClick={() => window.location.href='/'} className="text-[10px] font-black uppercase tracking-widest text-red-400 hover:text-red-300">Logg ut</button>
+        </div>
+      </aside>
+
+      {/* HOVEDINNHOLD (78%) */}
+      <main className="lg:w-[78%] p-6 md:p-12">
+        <div className="bg-white rounded-[3rem] shadow-2xl p-10 md:p-16 border border-white">
+          <header className="flex justify-between items-center mb-12">
+            <div>
+                <h2 className="text-4xl font-black tracking-tighter text-[#11280f] mb-2">Scraping Monitor</h2>
+                <p className="text-xs font-bold text-gray-400 uppercase tracking-widest">Sjekker status på {facilities.length} anlegg</p>
+            </div>
+            <button className="bg-[#8bc34a] text-white px-8 py-4 rounded-2xl text-[10px] font-black uppercase tracking-widest shadow-xl hover:scale-105 transition-all">Kjør alle skrapere</button>
+          </header>
+          
+          <div className="overflow-x-auto">
+            <table className="w-full text-left border-collapse">
+              <thead>
+                <tr className="text-[10px] font-black uppercase tracking-widest text-gray-300 border-b border-gray-50">
+                  <th className="pb-6">Anlegg</th>
+                  <th className="pb-6">Konfigurasjon</th>
+                  <th className="pb-6">Siste Sjekk</th>
+                  <th className="pb-6 text-right">Status</th>
+                </tr>
+              </thead>
+              <tbody className="text-sm font-bold text-[#11280f]">
+                {facilities.map((f: any) => (
+                  <tr key={f.id} className="border-b border-gray-50 group hover:bg-gray-50/50 transition-colors">
+                    <td className="py-8">
+                      <div className="font-black text-lg">{f.name}</div>
+                      <div className="text-[10px] text-[#7ca982] uppercase tracking-widest">{f.city}</div>
+                    </td>
+                    <td className="py-8">
+                      <div className="text-[11px] text-blue-600 truncate max-w-[200px] mb-1">{f.scrape_status_url}</div>
+                      <div className="text-[10px] font-mono text-gray-300">{f.scrape_status_selector}</div>
+                    </td>
+                    <td className="py-8 text-gray-400 font-mono text-xs">
+                      {f.status_updated_at ? new Date(f.status_updated_at).toLocaleDateString('nb-NO') : 'Aldri'}
+                    </td>
+                    <td className="py-8 text-right">
+                      <button className="bg-gray-100 px-5 py-2.5 rounded-xl text-[9px] font-black uppercase tracking-widest hover:bg-[#11280f] hover:text-white transition-all">Rediger</button>
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          </div>
+        </div>
+      </main>
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/Header.tsx b/frontend/src/components/Header.tsx
index bf89ee4..48bf3de 100644
--- a/frontend/src/components/Header.tsx
+++ b/frontend/src/components/Header.tsx
@@ -20,7 +20,7 @@ export default function Header() {
           <Link href="/golfbaner" className="hover:text-[#8bc34a]">Finn Bane</Link>
           <Link href="/medlemskap" className="hover:text-[#8bc34a]">Medlemskap</Link>
           <Link href="/om-oss" className="hover:text-[#8bc34a]">Om oss</Link>
-          <Link href="/logg-inn" className="px-5 py-2 bg-[#ff5722] text-white rounded-xl hover:bg-[#e64a19] transition-all">Admin</Link>
+          <Link href="/admin/login" className="px-5 py-2 bg-[#ff5722] text-white rounded-xl hover:bg-black transition-all font-black uppercase text-[10px] tracking-widest">Admin</Link>
         </nav>
 
         {/* HAMBURGER (Mobil) */}
diff --git a/frontend/src/config/constants.ts b/frontend/src/config/constants.ts
index de034d4..4b54ddf 100644
--- a/frontend/src/config/constants.ts
+++ b/frontend/src/config/constants.ts
@@ -1,5 +1,24 @@
-// Globale innstillinger for TeeOff.no
-export const API_URL = process.env.API_URL || "http://api:8000/api";
+/**
+ * TEE OFF CONFIG CONSTANTS v1.3
+ * ---------------------------------------------------------------------------
+ * REGEL 1: ALDRI trunker eller fjern data fra denne filen.
+ * REGEL 2: Håndterer både intern Docker-kommunikasjon og ekstern browser-kommunikasjon.
+ * REGEL 3: Inneholder alle regionale mappinger for Norge.
+ * ---------------------------------------------------------------------------
+ */
+
+const isBrowser = typeof window !== 'undefined';
+
+// Intern URL for server-to-server (Docker-internt)
+const INTERNAL_API = process.env.API_URL || "http://api:8000/api";
+
+// Relativ sti for browseren. 
+// Ved å bruke '/api' sørger vi for at nettleseren bruker samme protokoll (https)
+// og domene (nye.teeoff.no) som resten av siden.
+const EXTERNAL_API = "/api";
+
+export const API_URL = isBrowser ? EXTERNAL_API : INTERNAL_API;
+
 export const FALLBACK_IMAGE = "/Toppbilde-standard.jpg";
 export const TEEOFF_LOGO = "/TeeOff-logo-Retina-1.png";
 
@@ -20,4 +39,4 @@ export const REGIONS: Record<string, string[]> = {
   "vestlandet": ["møre og romsdal", "sogn og fjordane", "hordaland", "rogaland", "vestland"],
   "sørlandet": ["vest-agder", "aust-agder", "agder"],
   "østlandet": ["telemark", "vestfold", "østfold", "buskerud", "hedmark", "oppland", "oslo", "akershus", "innlandet", "viken"]
-};
+};
\ No newline at end of file
diff --git a/frontend/src/middleware.ts b/frontend/src/middleware.ts
new file mode 100644
index 0000000..dc05080
--- /dev/null
+++ b/frontend/src/middleware.ts
@@ -0,0 +1,36 @@
+/**
+ * TEE OFF SECURITY MIDDLEWARE v1.0
+ * ---------------------------------------------------------------------------
+ * REGEL: Beskytter alle ruter under /admin (unntatt /admin/login).
+ * FUNKSJON: Sjekker for admin_session cookie og omdirigerer hvis den mangler.
+ * ---------------------------------------------------------------------------
+ */
+
+import { NextResponse } from 'next/server';
+import type { NextRequest } from 'next/request';
+
+export function middleware(request: NextRequest) {
+  const { pathname } = request.nextUrl;
+  const session = request.cookies.get('admin_session');
+
+  // 1. Tillat alltid tilgang til innloggingssiden
+  if (pathname.startsWith('/admin/login')) {
+    return NextResponse.next();
+  }
+
+  // 2. Beskytt alle andre ruter under /admin
+  if (pathname.startsWith('/admin')) {
+    if (!session) {
+      // Ingen sesjon funnet -> Send til innlogging
+      const loginUrl = new URL('/admin/login', request.url);
+      return NextResponse.redirect(loginUrl);
+    }
+  }
+
+  return NextResponse.next();
+}
+
+// Definer hvilke ruter middleware skal kjøre på
+export const config = {
+  matcher: ['/admin/:path*'],
+};
\ No newline at end of file