feat: implement role-based access control and auth routes
Some checks are pending
Docker Test / test (push) Waiting to run
Some checks are pending
Docker Test / test (push) Waiting to run
This commit is contained in:
BibaBot Jarvis
parent
91eb0828e3
commit
7c9862a08a
3 changed files with 344 additions and 45 deletions
|
|
@ -1,18 +1,30 @@
|
|||
// middleware/requireRole.js
|
||||
const requireRole = (allowedRoles) => {
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
/**
|
||||
* Middleware zur Prüfung der Benutzerrolle
|
||||
* @param {string[]} allowedRoles - Erlaubte Rollen
|
||||
* @returns {function} Express-Middleware-Funktion
|
||||
*/
|
||||
function requireRole(allowedRoles) {
|
||||
return (req, res, next) => {
|
||||
const userRole = req.user?.role;
|
||||
|
||||
if (!userRole) {
|
||||
return res.status(401).json({ error: 'Authorization required' });
|
||||
const authHeader = req.headers.authorization;
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'Authorization header missing or invalid' });
|
||||
}
|
||||
|
||||
if (!allowedRoles.includes(userRole)) {
|
||||
return res.status(403).json({ error: 'Insufficient permissions' });
|
||||
|
||||
const token = authHeader.substring(7); // "Bearer " entfernen
|
||||
try {
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
if (!decoded.role || !allowedRoles.includes(decoded.role)) {
|
||||
return res.status(403).json({ error: 'Insufficient permissions' });
|
||||
}
|
||||
req.user = decoded; // Nutzerdaten an die Request-Objekt anhängen
|
||||
next();
|
||||
} catch (err) {
|
||||
return res.status(401).json({ error: 'Invalid token' });
|
||||
}
|
||||
|
||||
next();
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
module.exports = requireRole;
|
||||
Loading…
Add table
Add a link
Reference in a new issue