import jwt from "jsonwebtoken";
/** Scheme prefix that must precede the raw JWT in the `Authorization` header. */
const TOKEN_PREFIX = "Bearer ";

/** Value stamped onto `error.service` for every error this middleware emits. */
const SERVICE_NAME = "allowedRoles";
import { errorMessages } from "../utils/messages.js";
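/**
 * Build an Express middleware that lets a request through only when the
 * Bearer JWT in its `Authorization` header carries at least one of the
 * given roles.
 *
 * Every rejection is handed to `next(error)` with `error.status` and
 * `error.service` set, so the app-level error handler produces the reply:
 *  - 401 when the header is absent, the token fails verification, or the
 *    token carries none of `allowedRoles`;
 *  - 400 when the header does not start with the Bearer scheme.
 *
 * @param {string[]} allowedRoles - Roles that satisfy this check.
 * @returns {(req: object, res: object, next: Function) => void} Express middleware.
 */
const isAllowed = (allowedRoles) => {
	// Every rejection has the same shape; build it in one place.
	const rejection = (message, status) => {
		const error = new Error(message);
		error.status = status;
		error.service = SERVICE_NAME;
		return error;
	};

	return (req, res, next) => {
		// Node exposes incoming header names lower-cased.
		const token = req.headers.authorization;

		if (!token) {
			next(rejection(errorMessages.NO_AUTH_TOKEN, 401));
			return;
		}

		// Only the Bearer scheme is accepted; the prefix match is case-sensitive,
		// as it was in the original implementation.
		if (!token.startsWith(TOKEN_PREFIX)) {
			next(rejection(errorMessages.INVALID_AUTH_TOKEN, 400));
			return;
		}

		try {
			const rawToken = token.slice(TOKEN_PREFIX.length);
			const { jwtSecret } = req.settingsService.getSettings();
			// NOTE(review): no `algorithms` allow-list is passed here. With a
			// string secret jsonwebtoken only tries its HMAC algorithms, but
			// pinning the algorithm the signer actually uses is the usual
			// hardening — confirm how tokens are issued before adding it.
			const decoded = jwt.verify(rawToken, jwtSecret);

			// A verified token may still lack a usable `role` claim (missing,
			// not an array, or a string payload). Treat that as "no roles"
			// instead of letting `.some` throw a TypeError that would then be
			// forwarded downstream as the error message.
			const userRoles = Array.isArray(decoded?.role) ? decoded.role : [];

			if (userRoles.some((role) => allowedRoles.includes(role))) {
				next();
				return;
			}

			next(rejection(errorMessages.INSUFFICIENT_PERMISSIONS, 401));
		} catch (error) {
			// jwt.verify throws on a bad signature, expiry, malformed token, etc.;
			// the thrown error is forwarded with this middleware's metadata attached.
			error.status = 401;
			error.method = "isAllowed";
			error.service = SERVICE_NAME;
			next(error);
		}
	};
};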
export { isAllowed };