openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
helpyourneighbour/backend/middleware/requireRole.js

25 lines
706 B
JavaScript
Raw Normal View History

feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
2026-03-15 21:07:22 +00:00
// middleware/requireRole.js
const jwt = require('jsonwebtoken');
function requireRole(allowedRoles) {
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes:
2026-03-15 20:07:14 +00:00
return (req, res, next) => {
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
2026-03-15 21:07:22 +00:00
const token = req.header('Authorization')?.replace('Bearer ', '');
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes:
2026-03-15 20:07:14 +00:00
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
2026-03-15 21:07:22 +00:00
if (!token) {
return res.status(401).json({ error: 'Access denied. No token provided.' });
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes:
2026-03-15 20:07:14 +00:00
}
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
2026-03-15 21:07:22 +00:00
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
if (!allowedRoles.includes(decoded.role)) {
return res.status(403).json({ error: 'Access denied. Insufficient permissions.' });
}
req.user = decoded;
next();
} catch (error) {
res.status(400).json({ error: 'Invalid token.' });
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes:
2026-03-15 20:07:14 +00:00
}
};
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware
2026-03-15 21:07:22 +00:00
}
module.exports = requireRole;
Reference in a new issue Copy permalink