@helpio/common 1.0.5 → 1.0.6

package/build/index.d.ts

@@ -8,6 +8,7 @@ export * from "./types/auth";
 export * from "./middlewares/current-user";
 export * from "./middlewares/error-handler";
 export * from "./middlewares/require-auth";
+export * from "./middlewares/require-role";
 export * from "./middlewares/validate-request";
 export * from "./events/consumer";
 export * from "./events/producer";

package/build/index.js

@@ -21,6 +21,7 @@ __exportStar(require("./types/auth"), exports);
 __exportStar(require("./middlewares/current-user"), exports);
 __exportStar(require("./middlewares/error-handler"), exports);
 __exportStar(require("./middlewares/require-auth"), exports);
+__exportStar(require("./middlewares/require-role"), exports);
 __exportStar(require("./middlewares/validate-request"), exports);
 __exportStar(require("./events/consumer"), exports);
 __exportStar(require("./events/producer"), exports);

package/build/middlewares/require-role.d.ts

@@ -0,0 +1,6 @@
+import type { Request, Response, NextFunction } from "express";
+export declare const requireAnyRole: (allowedRoles: string[]) => (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export declare const requireWorker: (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export declare const requireEmployer: (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export declare const requireOwner: (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export declare const requireEmployerOrOwner: (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;

package/build/middlewares/require-role.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireEmployerOrOwner = exports.requireOwner = exports.requireEmployer = exports.requireWorker = exports.requireAnyRole = void 0;
+const normalizeRole = (value) => {
+    if (typeof value !== "string")
+        return undefined;
+    const trimmed = value.trim();
+    return trimmed ? trimmed.toLowerCase() : undefined;
+};
+const getRoleCandidates = (req) => {
+    const currentUser = req.currentUser;
+    if (!currentUser)
+        return [];
+    const directRole = normalizeRole(currentUser.role);
+    const rolesArray = Array.isArray(currentUser.roles)
+        ? currentUser.roles.map(normalizeRole).filter(Boolean)
+        : [];
+    const activeMode = normalizeRole(currentUser.activeMode);
+    return [directRole, activeMode, ...rolesArray].filter(Boolean);
+};
+const requireAnyRole = (allowedRoles) => {
+    const allowed = allowedRoles.map((r) => r.toLowerCase());
+    return (req, res, next) => {
+        const candidates = getRoleCandidates(req);
+        if (candidates.some((r) => allowed.includes(r))) {
+            return next();
+        }
+        return res.status(403).send({
+            error: "FORBIDDEN",
+            message: `Required role: ${allowedRoles.join(" | ")}`,
+        });
+    };
+};
+exports.requireAnyRole = requireAnyRole;
+exports.requireWorker = (0, exports.requireAnyRole)(["worker"]);
+exports.requireEmployer = (0, exports.requireAnyRole)(["employer"]);
+// Owner/admin access varies across deployments, so we accept a few common values.
+exports.requireOwner = (0, exports.requireAnyRole)(["owner", "admin", "super_admin"]);
+exports.requireEmployerOrOwner = (0, exports.requireAnyRole)([
+    "employer",
+    "owner",
+    "admin",
+    "super_admin",
+]);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@helpio/common",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "common library for Helpio ",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",