# Issue #123: Implement Role-Based Access Control (RBAC) for API Endpoints

## Description

Implement role-based access control (RBAC) for the API endpoints to ensure that users can only access resources and perform actions according to their assigned roles (`user`, `moderator`, `admin`).

This task involves:

1. Creating middleware to check user roles
2. Applying role checks to existing API endpoints
3. Ensuring audit logging for sensitive operations

## Acceptance Criteria

- [ ] JWT tokens include a `role` claim
- [ ] Middleware `requireRole([...])` is implemented and functional
- [ ] All existing API endpoints are updated with appropriate role requirements
- [ ] Audit events are logged for sensitive actions
- [ ] Documentation of the RBAC implementation is updated
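
One way the `requireRole([...])` middleware and its audit events could fit together, as an added example that is not code from this issue or the project. It assumes Express-style `(req, res, next)` middleware and that an earlier step has already verified the JWT and stored its claims on `req.user`; `auditLog`, `audit`, `simulate`, the `sensitive` option and the sample path are hypothetical names.

```javascript
// Added example; not the project's code. Assumes Express-style middleware and
// that an earlier step verified the JWT and stored its claims on req.user.
const KNOWN_ROLES = new Set(['user', 'moderator', 'admin']);
const auditLog = []; // stand-in audit sink (hypothetical); use durable storage in practice

function audit(req, outcome, reason) {
  const u = req.user || {};
  auditLog.push({
    time: new Date().toISOString(),
    sub: u.sub ?? null,
    role: typeof u.role === 'string' ? u.role : null,
    method: req.method,
    path: req.path,
    outcome,
    reason,
  });
}

function requireRole(allowed, { sensitive = false } = {}) {
  // Catch misconfigured routes at startup instead of failing open at request time.
  if (!Array.isArray(allowed) || allowed.length === 0) {
    throw new Error('requireRole needs a non-empty array of roles');
  }
  for (const r of allowed) {
    if (!KNOWN_ROLES.has(r)) throw new Error(`unknown role: ${r}`);
  }
  const allowedSet = new Set(allowed);
  return function roleCheck(req, res, next) {
    if (!req.user) {
      audit(req, 'deny', 'unauthenticated');
      return res.status(401).json({ error: 'authentication required' });
    }
    // Exact match only: a missing, non-string or unlisted role claim is denied.
    const role = req.user.role;
    if (typeof role !== 'string' || !allowedSet.has(role)) {
      audit(req, 'deny', 'insufficient_role');
      return res.status(403).json({ error: 'forbidden' });
    }
    if (sensitive) audit(req, 'allow', 'role_ok');
    return next();
  };
}

// Constructed request/response stubs so the example runs without a web framework.
function simulate(middleware, user) {
  let status = 0; // becomes 200 only if next() is reached
  const res = { status(c) { status = c; return this; }, json() { return this; } };
  middleware({ user, method: 'DELETE', path: '/posts/1' }, res, () => { status = 200; });
  return status;
}
```

Denials are always audited; allowed requests are audited only on routes marked `sensitive`, which keeps the audit trail focused on the operations the issue calls out.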