Centralize admin auth with endpoint filter

Infrastructure/AdminOnlyFilter.cs

@@ -0,0 +1,21 @@
+using GameList.Data;
+using GameList.Endpoints;
+using Microsoft.AspNetCore.Authorization;
+
+namespace GameList.Infrastructure;
+
+public class AdminOnlyFilter : IEndpointFilter
+{
+    public async ValueTask<object?> InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
+    {
+        var httpContext = context.HttpContext;
+        var db = httpContext.RequestServices.GetRequiredService<AppDbContext>();
+        var player = await EndpointHelpers.GetAuthenticatedPlayer(httpContext, db);
+        if (player?.IsAdmin != true)
+        {
+            return Results.Unauthorized();
+        }
+
+        return await next(context);
+    }
+}