feat: add role-based access control middleware and auth routes
Some checks are pending
Docker Test / test (push) Waiting to run
Some checks are pending
Docker Test / test (push) Waiting to run
This commit implements the role-based access control as per the project's security requirements. It includes: - A new middleware 'requireRole' that checks user roles for protected endpoints - Updated auth routes with role protection - Auth controller with proper registration and login logic including JWT token generation - Default user role assignment during registration
This commit is contained in:
BibaBot Jarvis
parent
a4d236b5f3
commit
437bb1d504
3 changed files with 120 additions and 142 deletions
20
backend/src/middleware/requireRole.js
Normal file
20
backend/src/middleware/requireRole.js
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
/**
|
||||
* Middleware to require a specific role for an endpoint.
|
||||
* @param {string[]} allowedRoles - Array of roles allowed to access the endpoint.
|
||||
* @returns {function} Express middleware function.
|
||||
*/
|
||||
export default function requireRole(allowedRoles) {
|
||||
return (req, res, next) => {
|
||||
const userRole = req.user?.role;
|
||||
|
||||
if (!userRole) {
|
||||
return res.status(401).json({ error: 'Authorization required' });
|
||||
}
|
||||
|
||||
if (!allowedRoles.includes(userRole)) {
|
||||
return res.status(403).json({ error: 'Insufficient permissions' });
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue