33 lines
No EOL
1.1 KiB
JavaScript
33 lines
No EOL
1.1 KiB
JavaScript
/**
|
|
* Middleware to check if the user has the required role(s)
|
|
* @param {string[]} requiredRoles - Array of required roles
|
|
* @returns {function} Express middleware function
|
|
*/
|
|
export const requireRole = (requiredRoles) => {
|
|
return (req, res, next) => {
|
|
// Get the user's role from the JWT token (assuming it's in req.user.role)
|
|
const userRole = req.user?.role;
|
|
|
|
// If no user role is found, deny access
|
|
if (!userRole) {
|
|
return res.status(401).json({ error: 'Unauthorized' });
|
|
}
|
|
|
|
// Check if the user has at least one of the required roles
|
|
if (requiredRoles.includes(userRole)) {
|
|
next(); // User has the required role, proceed to the next middleware/route
|
|
} else {
|
|
return res.status(403).json({ error: 'Forbidden' });
|
|
}
|
|
};
|
|
};
|
|
|
|
/**
|
|
* Helper function to check if a user has a specific role
|
|
* @param {string} userRole - The user's role
|
|
* @param {string[]} requiredRoles - Array of required roles
|
|
* @returns {boolean} Whether the user has at least one of the required roles
|
|
*/
|
|
export const hasRole = (userRole, requiredRoles) => {
|
|
return requiredRoles.includes(userRole);
|
|
}; |