From 9c90f22c5c68e2320054b99c7e69677f7e778f6b Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Sun, 1 Jun 2025 08:30:09 +0200
Subject: Login, delete user

---
 src/api/middlewares/authMiddleware.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/api/middlewares/authMiddleware.js')

diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js
index 4cdbb51..a1ba498 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -7,16 +7,19 @@ import { DbUser } from '#db/schemas/index.js';
  */
 export function validateAuth(options) {
     return async function (req, res, next) {
-        var auth = validateJwtToken(req.headers.authorization);
+        const auth = (req.auth = validateJwtToken(req.headers.authorization));
         if (!auth) {
             res.status(401).send('Unauthorized');
             return;
         }
 
-        req.user = await DbUser.findById(auth.id).exec();
+        const user = (req.user = await DbUser.findById(auth.id).exec());
 
-        req.auth = auth;
-        req = next();
+        if (options.roles && !options.roles.includes(user.type)) {
+            return;
+        }
+
+        next();
     };
 }
 
-- 
cgit 1.5.1