rbac-express-auth 1.0.1

package/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "rbac-express-auth",
+  "version": "1.0.1",
+  "description": "Lightweight RBAC middleware for Express.js",
+  "main": "src/index.js",
+  "keywords": [
+    "rbac",
+    "express",
+    "authorization",
+    "role-based-access-control",
+    "auth"
+  ],
+  "peerDependencies": {
+    "express": ">=4"
+  },
+  "author": "Akshay Chaudhary",
+  "license": "ISC",
+  "type": "module"
+}

package/src/authorize.js

@@ -0,0 +1,28 @@
+import { rbacErrors } from "./errors.js"
+
+
+export const authorize = (allowedRoles = []) => {
+
+
+    if(!Array.isArray(allowedRoles)) {
+        throw new Error(rbacErrors.INVALID_ROLES.message)
+    }
+
+    return (req, res, next) => {
+
+        if(!req.user || req.user === undefined) {
+            return res.status(rbacErrors.UNAUTHORIZED.status).json(rbacErrors.UNAUTHORIZED.message)
+        }
+
+        if(!req.user.role || req.user.role === undefined) {
+            return res.status(rbacErrors.ROLE_MISSING.status).json(rbacErrors.ROLE_MISSING.message)
+        }
+
+        if(!allowedRoles.includes(req.user.role)){
+            return res.status(rbacErrors.FORBIDDEN.status).json(rbacErrors.FORBIDDEN.message)
+        }
+
+        next()
+
+    }
+}

package/src/errors.js

@@ -0,0 +1,24 @@
+export const rbacErrors = {
+
+    UNAUTHORIZED: {
+        status: 401,
+        message: 'unauthorized: user not authenticated'
+    },
+
+    ROLE_MISSING: {
+        status: 401,
+        message: 'Unauthorized: user role not found'
+    },
+
+    FORBIDDEN: {
+        status: 403,
+        message: 'unauthorized user: insufficient permissions'
+    },
+
+    INVALID_ROLES: {
+        status: 500,
+        message: 'Server error: invalid roles configuration'
+    }
+
+
+}

package/src/index.js

@@ -0,0 +1,5 @@
+
+import { authorize } from './authorize.js'
+
+
+export { authorize }