helpyourneighbour/backend/middleware/requireRole.js

// middleware/requireRole.js
const jwt = require('jsonwebtoken');

/**
 * Middleware zur Prüfung der Benutzerrolle
 * @param {string[]} allowedRoles - Erlaubte Rollen
 * @returns {function} Express-Middleware-Funktion
 */
function requireRole(allowedRoles) {
  return (req, res, next) => {
    const authHeader = req.headers.authorization;
    if (!authHeader || !authHeader.startsWith('Bearer ')) {
      return res.status(401).json({ error: 'Authorization header missing or invalid' });
    }

    const token = authHeader.substring(7); // "Bearer " entfernen
    try {
      const decoded = jwt.verify(token, process.env.JWT_SECRET);
      if (!decoded.role || !allowedRoles.includes(decoded.role)) {
        return res.status(403).json({ error: 'Insufficient permissions' });
      }
      req.user = decoded; // Nutzerdaten an die Request-Objekt anhängen
      next();
    } catch (err) {
      return res.status(401).json({ error: 'Invalid token' });
    }
  };
}

module.exports = requireRole;
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware 2026-03-15 21:07:22 +00:00			`// middleware/requireRole.js`
feat: implement role-based access control and auth routes 2026-03-16 00:07:16 +00:00			`const jwt = require('jsonwebtoken');`

			`/**`
			`* Middleware zur Prüfung der Benutzerrolle`
			`* @param {string[]} allowedRoles - Erlaubte Rollen`
			`* @returns {function} Express-Middleware-Funktion`
			`*/`
			`function requireRole(allowedRoles) {`
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes: 2026-03-15 20:07:14 +00:00			`return (req, res, next) => {`
feat: implement role-based access control and auth routes 2026-03-16 00:07:16 +00:00			`const authHeader = req.headers.authorization;`
			`if (!authHeader \|\| !authHeader.startsWith('Bearer ')) {`
			`return res.status(401).json({ error: 'Authorization header missing or invalid' });`
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes: 2026-03-15 20:07:14 +00:00			`}`
feat: implement role-based access control and auth routes 2026-03-16 00:07:16 +00:00
			`const token = authHeader.substring(7); // "Bearer " entfernen`
			`try {`
			`const decoded = jwt.verify(token, process.env.JWT_SECRET);`
			`if (!decoded.role \|\| !allowedRoles.includes(decoded.role)) {`
			`return res.status(403).json({ error: 'Insufficient permissions' });`
			`}`
			`req.user = decoded; // Nutzerdaten an die Request-Objekt anhängen`
			`next();`
			`} catch (err) {`
			`return res.status(401).json({ error: 'Invalid token' });`
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes: 2026-03-15 20:07:14 +00:00			`}`
			`};`
feat: implement role-based access control and auth routes 2026-03-16 00:07:16 +00:00			`}`
feat: implement role-based access control and auth routes This commit implements the role-based access control system as outlined in the project documentation. It includes: - A requireRole middleware for protecting routes - Auth routes for registration, login, profile management - Audit logging for sensitive actions - Role management endpoints - Updated app.js to include audit logging middleware 2026-03-15 21:07:22 +00:00
			`module.exports = requireRole;`