20 lines
No EOL
594 B
JavaScript
20 lines
No EOL
594 B
JavaScript
/**
|
|
* Middleware to check if the user has the required role(s)
|
|
* @param {string[]} allowedRoles - Array of roles allowed to access the endpoint
|
|
* @returns {function} Express middleware function
|
|
*/
|
|
export const requireRole = (allowedRoles) => {
|
|
return (req, res, next) => {
|
|
const userRole = req.user?.role;
|
|
|
|
if (!userRole) {
|
|
return res.status(401).json({ error: 'Unauthorized: Missing role claim' });
|
|
}
|
|
|
|
if (!allowedRoles.includes(userRole)) {
|
|
return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
|
|
}
|
|
|
|
next();
|
|
};
|
|
}; |