helpyourneighbour/backend/middleware/requireRole.js

/**
 * Middleware to require a specific role for an endpoint.
 * @param {string[]} allowedRoles - Array of roles allowed to access the endpoint.
 * @returns {function} Express middleware function.
 */
module.exports = (allowedRoles) => {
  return (req, res, next) => {
    const userRole = req.user?.role;
    
    if (!userRole) {
      return res.status(401).json({ error: 'Authorization required' });
    }
    
    if (!allowedRoles.includes(userRole)) {
      return res.status(403).json({ error: 'Insufficient permissions' });
    }
    
    next();
  };
};
feat: implement role-based access control and auth routes This commit implements the role-based access control middleware and authentication routes as per the project's requirements. It includes: 2026-03-15 20:07:14 +00:00			`/**`
			`* Middleware to require a specific role for an endpoint.`
			`* @param {string[]} allowedRoles - Array of roles allowed to access the endpoint.`
			`* @returns {function} Express middleware function.`
			`*/`
			`module.exports = (allowedRoles) => {`
			`return (req, res, next) => {`
			`const userRole = req.user?.role;`

			`if (!userRole) {`
			`return res.status(401).json({ error: 'Authorization required' });`
			`}`

			`if (!allowedRoles.includes(userRole)) {`
			`return res.status(403).json({ error: 'Insufficient permissions' });`
			`}`

			`next();`
			`};`
			`};`