From 9ec142df0925871d6fca63db05d50f88581665e0 Mon Sep 17 00:00:00 2001
From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com>
Date: Sun, 8 Mar 2026 16:54:22 +0100
Subject: [PATCH] Initial setup

---
 .../middlewares/bull-board-auth.middleware.ts    | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/apps/api/src/middlewares/bull-board-auth.middleware.ts b/apps/api/src/middlewares/bull-board-auth.middleware.ts
index 8492e41fb..432deb974 100644
--- a/apps/api/src/middlewares/bull-board-auth.middleware.ts
+++ b/apps/api/src/middlewares/bull-board-auth.middleware.ts
@@ -1,9 +1,8 @@
 import { BULL_BOARD_COOKIE_NAME } from '@ghostfolio/common/config';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
 
-import { Injectable, NestMiddleware } from '@nestjs/common';
+import { ForbiddenException, Injectable, NestMiddleware } from '@nestjs/common';
 import { NextFunction, Request, Response } from 'express';
-import { getReasonPhrase, StatusCodes } from 'http-status-codes';
 import passport from 'passport';
 
 @Injectable()
@@ -18,17 +17,12 @@ export class BullBoardAuthMiddleware implements NestMiddleware {
     passport.authenticate('jwt', { session: false }, (error, user) => {
       if (
         error ||
-        !user ||
-        !hasPermission(user.permissions, permissions.accessAdminControl)
+        !hasPermission(user?.permissions, permissions.accessAdminControl)
       ) {
-        res
-          .status(StatusCodes.FORBIDDEN)
-          .json({ message: getReasonPhrase(StatusCodes.FORBIDDEN) });
-
-        return;
+        next(new ForbiddenException());
+      } else {
+        next();
       }
-
-      next();
     })(req, res, next);
   }
 }