diff --git a/api/middlewares/admin.js b/api/middlewares/admin.js
new file mode 100644
index 0000000..784fdb2
--- /dev/null
+++ b/api/middlewares/admin.js
@@ -0,0 +1,11 @@
+const adminMiddleware = (req, res, next) => {
+ if (!req.user) {
+ return res.status(403).json({ message: "Access denied, empty user" });
+ }
+ if (!req.user.isAdmin) {
+ return res.status(403).json({ message: "Access denied, admin only" });
+ }
+ next();
+};
+
+module.exports = adminMiddleware;
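Review bot: The authorization decision at `if (!req.user.isAdmin)` is a truthiness test, so any truthy value (for example the string `"false"` or `1`) is treated as admin. If `isAdmin` is ever deserialized from a token claim or a loosely typed store (not visible in this file), a strict comparison fails closed: `if (req.user.isAdmin !== true) {`. The middleware also trusts that an earlier authentication middleware set `req.user` from a verified credential. That ordering dependency deserves a comment above the function, such as `// Must be mounted after the authentication middleware; req.user is trusted as already verified.` Separately, the missing-user branch is an unauthenticated request, so `res.status(401)` would be more accurate than 403 there.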