feat: Implement role-based access control middleware and update documentation

backend/middleware/role.middleware.js

@@ -0,0 +1,20 @@
+/**
+ * Middleware to check if the user has the required role(s)
+ * @param {string[]} allowedRoles - Array of roles allowed to access the endpoint
+ * @returns {function} Express middleware function
+ */
+export const requireRole = (allowedRoles) => {
+  return (req, res, next) => {
+    const userRole = req.user?.role;
+    
+    if (!userRole) {
+      return res.status(401).json({ error: 'Unauthorized: Missing role claim' });
+    }
+    
+    if (!allowedRoles.includes(userRole)) {
+      return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
+    }
+    
+    next();
+  };
+};