feat: Add role-based access control tests and update server

backend/src/server.js

@@ -17,6 +17,11 @@ app.use(express.json());
 
 app.get('/health', (_req, res) => res.json({ status: 'ok' }));
 
+// Test route for role middleware
+app.get('/test-role', (_req, res) => {
+  res.status(200).json({ message: 'Test route for role middleware' });
+});
+
 // Metrics endpoint
 app.get('/metrics', (_req, res) => {
   const uptime = process.uptime();

backend/tests/roles.test.js

@@ -0,0 +1,32 @@
+const request = require('supertest');
+const app = require('../src/server');
+const { requireRole } = require('../middleware/role.middleware');
+
+describe('Role Middleware', () => {
+  // Test for a route that requires 'admin' role
+  it('should deny access to users without admin role', async () => {
+    const response = await request(app)
+      .get('/admin/users')
+      .set('Authorization', 'Bearer invalid-token');
+    
+    expect(response.status).toBe(401);
+  });
+
+  // Test for a route that requires 'moderator' role
+  it('should deny access to users without moderator role', async () => {
+    const response = await request(app)
+      .get('/moderator/reports')
+      .set('Authorization', 'Bearer invalid-token');
+    
+    expect(response.status).toBe(401);
+  });
+
+  // Test for a route that requires 'user' role
+  it('should deny access to users without user role', async () => {
+    const response = await request(app)
+      .get('/profile')
+      .set('Authorization', 'Bearer invalid-token');
+    
+    expect(response.status).toBe(401);
+  });
+});