helpyourneighbour/backend/middleware/role.middleware.js

/**
 * Middleware to check if the user has the required role(s)
 * @param {string[]} allowedRoles - Array of roles allowed to access the endpoint
 * @returns {function} Express middleware function
 */
export const requireRole = (allowedRoles) => {
  return (req, res, next) => {
    const userRole = req.user?.role;
    
    if (!userRole) {
      return res.status(401).json({ error: 'Unauthorized: Missing role claim' });
    }
    
    if (!allowedRoles.includes(userRole)) {
      return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
    }
    
    next();
  };
};
feat: Implement role-based access control middleware and update documentation 2026-03-16 03:06:38 +00:00			`/**`
			`* Middleware to check if the user has the required role(s)`
			`* @param {string[]} allowedRoles - Array of roles allowed to access the endpoint`
			`* @returns {function} Express middleware function`
			`*/`
			`export const requireRole = (allowedRoles) => {`
			`return (req, res, next) => {`
			`const userRole = req.user?.role;`

			`if (!userRole) {`
			`return res.status(401).json({ error: 'Unauthorized: Missing role claim' });`
			`}`

			`if (!allowedRoles.includes(userRole)) {`
			`return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });`
			`}`

			`next();`
			`};`
			`};`