753b54e0e1
Some checks are pending
Docker Test / test (push) Waiting to run
This commit implements the role-based access control middleware and adds auth routes with proper role checks for user, moderator, and admin roles as defined in the documentation.
18 lines
No EOL
425 B
JavaScript
18 lines
No EOL
425 B
JavaScript
// middleware/requireRole.js
|
|
const requireRole = (allowedRoles) => {
|
|
return (req, res, next) => {
|
|
const userRole = req.user?.role;
|
|
|
|
if (!userRole) {
|
|
return res.status(401).json({ error: 'Authorization required' });
|
|
}
|
|
|
|
if (!allowedRoles.includes(userRole)) {
|
|
return res.status(403).json({ error: 'Insufficient permissions' });
|
|
}
|
|
|
|
next();
|
|
};
|
|
};
|
|
|
|
module.exports = requireRole; |