Roles are free‑form strings on your AuthUser.
Augment the type if you store role or banned on users (see /getting-started/type-augmentation).
definePageMeta({
auth: { role: 'admin' },
})
export default defineEventHandler(async (event) => {
const { user } = await requireUserSession(event, { role: 'admin' })
return { ok: true, user }
})
requireUserSession also checks user.banned and throws 403 if true.