
Commit f9252e5

authored
Merge pull request #34 from abhijit1859/feat/middleware-rbac
feat(middleware): add authentication middleware
2 parents d024685 + 23daac7 commit f9252e5


5 files changed

+72
-2
lines changed


package-lock.json

Lines changed: 1 addition & 1 deletion

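--- a/src/app.js
+++ b/src/app.js
@@ -2,6 +2,7 @@ import express from 'express';
 import cors from 'cors';
 import cookieparser from 'cookie-parser';
 import authRoutes from './routes/authRoutes.js';
+import rbacRoutes from './routes/rbacRoutes.js';
 
 const app = express();
 
@@ -15,7 +16,8 @@ app.use(express.urlencoded({ extended: true, limit: '16kb' }));
 app.use(express.static('public'));
 app.use(cookieparser());
 
-// Routes
+//routes
 app.use('/api/auth', authRoutes);
+app.use('/api/rbac-test', rbacRoutes);
 
 export { app };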
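Review bot: The second hunk rewrites the comment `// Routes` as `//routes`, an unrelated style regression; keep `// Routes`. The new mount `app.use('/api/rbac-test', rbacRoutes);` is unconditional, while the path name suggests the router exists to exercise the middleware rather than to serve a product feature; if it is not meant for deployed builds, gate the mount on an environment check or remove it before release — which is intended cannot be told from this diff.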

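--- a/src/middlewares/auth.middleware.js
+++ b/src/middlewares/auth.middleware.js
@@ -0,0 +1,25 @@
+import jwt from 'jsonwebtoken';
+
+export const authMiddleware = (req, res, next) => {
+const authHeader = req.headers.authorization;
+
+if (!authHeader || !authHeader.startsWith('Bearer')) {
+return res.status(401).json({
+message: "Unauthorize : No token provided"
+});
+}
+
+const token = authHeader.split(" ")[1];
+
+try {
+const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+req.user = decoded;
+next();
+} catch (error) {
+console.error("Error: ", error.message);
+return res.status(401).json({ message: "Unauthorized: Invalid token" });
+}
+}
+
+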
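Review bot: `next()` is called inside the `try` (line 18 of the new file), so any synchronous throw from a downstream handler is caught here and answered as `Unauthorized: Invalid token`, hiding the real error behind a misleading 401; move `next()` after the `try`/`catch`. The verify call should also pin the accepted algorithm, `jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] })` (substitute whatever the issuer actually signs with — the signing code is not in this diff), so that verification does not accept whatever `alg` a presented token declares. The scheme check `startsWith('Bearer')` accepts `Bearerabc` and the bare word `Bearer`, which then fail later with the wrong reason; parsing the header into `[scheme, token]` makes the 401 message accurate, and fixes the `"Unauthorize :"` typo along the way. A short `/** … */` docstring stating that the middleware sets `req.user` to the verified payload and expects `Authorization: Bearer <token>` would help the route authors.

```javascript
export const authMiddleware = (req, res, next) => {
  const [scheme, token] = (req.headers.authorization ?? '').split(' ');
  if (scheme !== 'Bearer' || !token) {
    return res.status(401).json({ message: 'Unauthorized: No token provided' });
  }

  try {
    // TODO(review): confirm the issuer's signing algorithm; HS256 is a placeholder.
    req.user = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
  } catch (error) {
    console.error('Error: ', error.message);
    return res.status(401).json({ message: 'Unauthorized: Invalid token' });
  }

  // Outside the try so downstream errors are not reported as token failures.
  return next();
};
```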

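--- a/src/middlewares/rbac.middleware.js
+++ b/src/middlewares/rbac.middleware.js
@@ -0,0 +1,21 @@
+export const checkRole = (roles = []) => {
+return (req, res, next) => {
+if (!Array.isArray(roles) || roles.length === 0) {
+return res.status(500).json({ message: "RBAC misconfiguration: roles array is required" });
+}
+
+const userRole = req?.user?.role;
+if (!userRole) {
+return res.status(403).json({ message: "Forbidden: Role is missing" });
+}
+
+const isAllowed = roles.includes(userRole);
+if (!isAllowed) {
+return res.status(403).json({ message: "Forbidden" });
+}
+
+return next();
+};
+};
+
+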
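Review bot: The configuration check at lines 3–5 of the new file runs on every request and answers a caller-visible 500, although `roles` is fixed at the moment `checkRole(...)` is called during route definition; throwing at construction, `if (!Array.isArray(roles) || roles.length === 0) throw new Error('checkRole: non-empty roles array is required');` placed before `return (req, res, next) => {`, makes a misconfigured route fail at startup instead of in production traffic. The missing-role branch answers 403 both when `req.user` is absent (middleware ordering mistake) and when it is present without a `role` claim; a comment such as `// Must run after authMiddleware, which populates req.user from the verified token.` would make the dependency explicit. `roles.includes(userRole)` is an exact, case-sensitive comparison against whatever the token carries, which is fine only as long as the issuer and the route lists agree on spelling — this diff does not show the issuer side.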

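--- a/src/routes/rbacRoutes.js
+++ b/src/routes/rbacRoutes.js
@@ -0,0 +1,22 @@
+import express from 'express';
+import { authMiddleware } from '../middlewares/auth.middleware.js';
+import { checkRole } from '../middlewares/rbac.middleware.js';
+
+const router = express.Router();
+
+
+router.get('/admin-only', authMiddleware, checkRole(['Admin']), (req, res) => {
+return res.status(200).json({ message: 'Welcome, Admin' });
+});
+
+
+router.get('/user-only', authMiddleware, checkRole(['User']), (req, res) => {
+return res.status(200).json({ message: 'Welcome, User' });
+});
+
+
+
+
+export default router;
+
+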
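Review bot: The role names `'Admin'` and `'User'` are string literals repeated per route, and nothing in this diff ties them to the values the token issuer writes into the `role` claim, so a spelling drift on either side silently yields 403 for everyone. Consider a single frozen constant, e.g. `const ROLES = Object.freeze({ ADMIN: 'Admin', USER: 'User' });` in a shared module, used by both the issuer and the `checkRole(...)` calls. The file also carries no comment saying these endpoints are smoke tests for the middleware, which the `rbac-test` mount path in src/app.js suggests; a one-line header comment would keep them from being mistaken for real API surface.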
