diff --git a/apps/csms/src/db/auth-schema.ts b/apps/csms/src/db/auth-schema.ts
index d0cc27c..29e27f6 100644
--- a/apps/csms/src/db/auth-schema.ts
+++ b/apps/csms/src/db/auth-schema.ts
@@ -11,9 +11,12 @@ export const user = pgTable("user", {
 .defaultNow()
 .$onUpdate(() => /* @__PURE__ */ new Date())
 .notNull(),
+ role: text("role"),
+ banned: boolean("banned").default(false),
+ banReason: text("ban_reason"),
+ banExpires: timestamp("ban_expires"),
 username: text("username").unique(),
 displayUsername: text("display_username"),
- role: text("role").default("user"),
 });

 export const session = pgTable("session", {
@@ -29,6 +32,7 @@ export const session = pgTable("session", {
 userId: text("user_id")
 .notNull()
 .references(() => user.id, { onDelete: "cascade" }),
+ impersonatedBy: text("impersonated_by"),
 });

 export const account = pgTable("account", {
diff --git a/apps/csms/src/index.ts b/apps/csms/src/index.ts
index 4d3ccd7..bf87462 100644
--- a/apps/csms/src/index.ts
+++ b/apps/csms/src/index.ts
@@ -46,10 +46,23 @@ app.use(
 app.on(['POST', 'GET'], '/api/auth/*', (c) => auth.handler(c.req.raw))

 app.get('/', (c) => {
- return c.json({
+ const user = c.get('user')
+ const session = c.get('session')
+
+ const payload = {
 platform: 'Helios CSMS',
 message: 'ok',
- })
+ }
+
+ if (user) {
+ Object.assign(payload, { user })
+ }
+
+ if (session) {
+ Object.assign(payload, { session })
+ }
+
+ return c.json(payload)
 })

 app.get(
diff --git a/apps/csms/src/lib/auth.ts b/apps/csms/src/lib/auth.ts
index 920af7d..dfffd8c 100644
--- a/apps/csms/src/lib/auth.ts
+++ b/apps/csms/src/lib/auth.ts
@@ -2,7 +2,7 @@ import { betterAuth } from 'better-auth'
 import { drizzleAdapter } from 'better-auth/adapters/drizzle'
 import { useDrizzle } from './db.js'
 import * as schema from '@/db/schema.ts'
-import { bearer, jwt, username } from 'better-auth/plugins'
+import { admin, bearer, jwt, username } from 'better-auth/plugins'

 export const auth = betterAuth({
 database: drizzleAdapter(useDrizzle(), {
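Review bot: In `apps/csms/src/db/auth-schema.ts`, the re-added `role: text("role")` drops the `.default("user")` that the removed column carried, so the column is now nullable with no database-level default. Rows written outside the auth library can end up with a NULL role, and no migration is part of this diff, so authorization checks should treat a missing role as least-privileged rather than as "not banned, not restricted". If the omission is deliberate because the auth plugin assigns the role at user creation, say so above the column, e.g. `// nullable on purpose: default role is assigned by the auth plugin, not the DB`. The `pgTable("user", …)` call starts outside the hunk, and the `boolean` import the new `banned` column needs is not visible here.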
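Review bot: In `apps/csms/src/index.ts`, the `GET /` handler now serialises the entire `user` and `session` objects into the response body. If `session` is the row from the session table it will normally include the session token along with client IP and user agent, and `user` now carries `role` and `banReason`; with the `bearer()` plugin enabled in `auth.ts`, a token echoed by a status endpoint is presumably a usable credential wherever that body is logged or cached. Return an explicit allowlist instead, e.g. `if (user) Object.assign(payload, { user: { id: user.id, role: user.role } })`, and drop the `session` branch or expose only its expiry. How `user` and `session` are put on the context is outside the hunk.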
@@ -12,16 +12,13 @@ export const auth = betterAuth({
 },
 }),
 user: {
- additionalFields: {
- role: {
- type: 'string',
- defaultValue: 'user',
- input: false,
- },
- },
+ additionalFields: {},
 },
 emailAndPassword: {
 enabled: true,
 },
- plugins: [username(), bearer(), jwt()],
+ plugins: [admin(), username(), bearer(), jwt()],
+ advanced: {
+ cookiePrefix: 'helios_auth',
+ },
 })
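Review bot: The local `input: false` guard on `role` is removed and `admin()` is added with no options, so whether a client can supply `role` at sign-up, which roles count as admin, and how long impersonated sessions last all depend on plugin defaults that this file no longer states. Pin them explicitly, e.g. `admin({ defaultRole: 'user', adminRoles: ['admin'] })`, and add a test that a sign-up request carrying `role: 'admin'` still produces a `user`-role account. The now-empty `user: { additionalFields: {} }` block can be deleted. Separately, `cookiePrefix: 'helios_auth'` renames the session cookie, so existing browser sessions will presumably stop being recognised on deploy; a one-line comment confirming that is intended would help.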