1 files changed, 7 insertions, 4 deletions
diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js
index 4cdbb51..a1ba498 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -7,16 +7,19 @@ import { DbUser } from '#db/schemas/index.js';
*/
export function validateAuth(options) {
return async function (req, res, next) {
- var auth = validateJwtToken(req.headers.authorization);
+ const auth = (req.auth = validateJwtToken(req.headers.authorization));
if (!auth) {
res.status(401).send('Unauthorized');
return;
}
- req.user = await DbUser.findById(auth.id).exec();
+ const user = (req.user = await DbUser.findById(auth.id).exec());
- req.auth = auth;
- req = next();
+ if (options.roles && !options.roles.includes(user.type)) {
+ return;
+ }
+
+ next();
};
}
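Review bot: The new role check at `if (options.roles && !options.roles.includes(user.type))` only returns on a mismatch, so a request from a user with the wrong role gets neither a response nor `next()`, and the connection stays open until the client or server times out. It should answer with a 403 before returning. The same line reads `user.type` without checking that `DbUser.findById(auth.id)` found a record, so a still-valid token for a deleted account would throw inside the async handler, and when no `roles` are configured the request would pass through with `req.user` set to null. Rejecting a missing user with a 401 before the role check closes both paths. `options` is also read unguarded, which would likely throw for any caller that invokes `validateAuth()` with no argument, if such callers exist.

```javascript
const user = (req.user = await DbUser.findById(auth.id).exec());
// Token verified but the account no longer exists: treat as unauthenticated.
if (!user) {
  res.status(401).send('Unauthorized');
  return;
}
// Authenticated but not in an allowed role: answer explicitly instead of leaving the request open.
if (options.roles && !options.roles.includes(user.type)) {
  res.status(403).send('Forbidden');
  return;
}

next();
```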