diff --git a/server/routes/auth.js b/server/routes/auth.js
index 1cd8baa..ebe96fc 100644
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
@@ -16,19 +16,21 @@ authRouter.post("/register", async (req, res) => {
 if (existing) return res.status(409).json({ error: "Konto existiert bereits." });
 const account = await one(
- "insert into accounts (email, password_hash) values ($1, $2) returning id, email",
+ "insert into accounts (email, password_hash) values ($1, $2) returning id, email, is_admin",
 [email.toLowerCase(), await hashPassword(password)]
 );
- res.json({ token: signToken(account), account: { id: account.id, email: account.email } });
+ account.is_admin = await ensureAdminFlag(account);
+ res.json({ token: signToken(account), account: { id: account.id, email: account.email, is_admin: account.is_admin } });
 });
 authRouter.post("/login", async (req, res) => {
 const { email, password } = req.body || {};
- const account = await one("select id, email, password_hash from accounts where email = $1", [
+ const account = await one("select id, email, password_hash, is_admin from accounts where email = $1", [
 (email || "").toLowerCase(),
 ]);
 if (!account || !(await verifyPassword(password || "", account.password_hash))) {
 return res.status(401).json({ error: "Email oder Passwort falsch." });
 }
- res.json({ token: signToken(account), account: { id: account.id, email: account.email } });
+ account.is_admin = await ensureAdminFlag(account);
+ res.json({ token: signToken(account), account: { id: account.id, email: account.email, is_admin: account.is_admin } });
 });
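Review bot: In `/register`, `account.is_admin = await ensureAdminFlag(account);` runs directly after the insert, and nothing visible in this hunk shows that the caller has proven ownership of the e-mail address. `ensureAdminFlag` is defined outside this diff; if it decides by e-mail match or a first-account rule, a self-service registration would be enough to come back with an admin token, so I would gate the promotion on a verified address or keep it out of the registration path, and state the rule at the call, e.g. `// ensureAdminFlag promotes only when <rule>; never on an unverified email`. Both handlers then pass the mutated object to `signToken(account)`: if the token carries `is_admin` (not visible here), a later demotion has no effect until the token expires, so admin routes should re-read `accounts.is_admin` instead of trusting the claim. The `is_admin` field in the JSON body should be documented as a display hint only, never as an authorization input.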