move middlewares out of auth

This commit is contained in:
Milo Schwartz 2024-11-16 22:48:10 -05:00
parent cc674c2b9c
commit c565c14aa0
No known key found for this signature in database
15 changed files with 15 additions and 19 deletions

View file

@ -0,0 +1,51 @@
import { Request, Response, NextFunction } from "express";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import logger from "@server/logger";
export async function verifyUserInRole(
req: Request,
res: Response,
next: NextFunction
) {
try {
const roleId = parseInt(
req.params.roleId || req.body.roleId || req.query.roleId
);
const userRoleId = req.userOrgRoleId;
if (isNaN(roleId)) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invalid role ID")
);
}
if (!userRoleId) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this organization"
)
);
}
if (userRoleId !== roleId) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this role"
)
);
}
return next();
} catch (error) {
logger.error("Error verifying role access:", error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error verifying role access"
)
);
}
}