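/**
 * Build an Express middleware that enforces role-based access on a route.
 *
 * The role is read from `req.user.role` (so an authentication middleware must
 * run first and populate `req.user`). The allowed roles are resolved ONCE, at
 * construction time, into an exact-match Set, so a request can never influence
 * the comparison.
 *
 * Why the construction-time validation matters: the previous implementation
 * called `allowedRoles.includes(userRole)` directly. Because strings also have
 * an `includes` method, a call such as `requireRole('admin')` silently degraded
 * to a SUBSTRING test, letting a user with role `'adm'` (or `'a'`) through.
 * A single role passed as a string is still accepted, but it is now treated as
 * a one-element list and matched exactly.
 *
 * @param {string[]|string} allowedRoles - Roles permitted to reach the endpoint
 *   (an array, or a single role string). Every entry must be a non-empty string.
 * @returns {function} Express middleware `(req, res, next)`:
 *   - 401 `{ error: 'Unauthorized: Missing role claim' }` when `req.user` is
 *     absent or carries no (truthy) `role`;
 *   - 403 `{ error: 'Forbidden: Insufficient permissions' }` when the role is
 *     not a string or is not in `allowedRoles`;
 *   - otherwise calls `next()`.
 * @throws {TypeError} at construction if `allowedRoles` is not a string or a
 *   non-empty array of non-empty strings. Failing here surfaces a
 *   misconfigured route at startup instead of at request time; an empty list
 *   would otherwise be a route that denies everyone, which is almost always a
 *   mistake.
 */
export const requireRole = (allowedRoles) => {
  const roles = typeof allowedRoles === 'string' ? [allowedRoles] : allowedRoles;
  if (!Array.isArray(roles) || roles.length === 0) {
    throw new TypeError('requireRole: allowedRoles must be a non-empty array of role names');
  }
  if (!roles.every((r) => typeof r === 'string' && r.length > 0)) {
    throw new TypeError('requireRole: every allowed role must be a non-empty string');
  }
  // Set gives exact, O(1) membership; never substring or coerced comparison.
  const allowed = new Set(roles);

  return (req, res, next) => {
    const userRole = req.user?.role;
    if (!userRole) {
      return res.status(401).json({ error: 'Unauthorized: Missing role claim' });
    }
    // Fail closed on anything that is not a plain string (e.g. an array or
    // object smuggled into a token claim) as well as on roles outside the list.
    if (typeof userRole !== 'string' || !allowed.has(userRole)) {
      return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
    }
    next();
  };
};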