79273960

Date: 2024-12-12 05:55:42
Score: 0.5
const jwt = require('jsonwebtoken');

// Key handed to jwt.verify() by verifyToken, read once at module load.
// NOTE(review): this is undefined when the JWT_SECRET environment variable is
// not set; nothing visible here validates its presence or strength.
const { JWT_SECRET } = process.env;

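/**
 * Build an Express-style middleware that authenticates a JWT taken from the
 * Authorization header and, optionally, authorizes the caller by role.
 *
 * @param {string[]|string} [requestedRoles] - Roles allowed through. A single
 *   role may be given as a string. When omitted (or otherwise falsy) only the
 *   token is verified and no role check is made. An empty array denies everyone.
 * @returns {Function} Middleware `(req, res, next)`. It responds 403 when no
 *   token is present, 401 when verification fails, and 403 when the decoded
 *   `role` claim is not allowed; otherwise it calls `next()`. `req.user` is
 *   set to the decoded payload as soon as verification succeeds, i.e. also on
 *   the role-denied path.
 */
const verifyToken = (requestedRoles) => {
    // A bare string must never reach String.prototype.includes: that is a
    // substring test, so verifyToken('admin') would admit role 'adm' or ''.
    // Wrapping it makes every comparison an exact, whole-value match.
    // Arrays are kept by reference, as before.
    let allowedRoles = null;
    if (requestedRoles) {
        allowedRoles = Array.isArray(requestedRoles) ? requestedRoles : [requestedRoles];
    }

    return (req, res, next) => {
        // Second space-separated field of the header ("<scheme> <token>").
        // The scheme word itself is not checked; a non-JWT value simply
        // fails verification below.
        const token = req.headers['authorization']?.split(' ')[1];

        if (!token) {
            return res.status(403).json({ message: 'No token provided' });
        }

        // NOTE(review): no `algorithms` allow-list is passed to jwt.verify().
        // Pin it to the algorithm the issuer actually signs with so accepted
        // algorithms do not depend on library defaults.
        jwt.verify(token, JWT_SECRET, (err, decoded) => {
            if (err) {
                // One generic message for every failure (expired, bad
                // signature, malformed) so the response does not reveal why.
                return res.status(401).json({ message: 'Unauthorized' });
            }

            // Expose the verified claims to downstream handlers.
            req.user = decoded;

            // Exact-match role check; a token without a `role` claim is
            // rejected whenever roles were requested.
            if (allowedRoles && !allowedRoles.includes(decoded.role)) {
                return res.status(403).json({ message: 'Access denied. Insufficient role.' });
            }

            next();
        });
    };
};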

// CommonJS export: the module's value is the verifyToken factory itself, so a
// consumer calls the required value with the allowed roles to get a middleware.
module.exports = verifyToken;
Reasons:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Unregistered user (0.5):
  • Low reputation (1):
Posted by: Vance