From 6ba483f0b7bdbcb5908022ee96b2560b1777fbd6 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Mon, 11 Mar 2024 09:28:59 +0700
Subject: [PATCH] Add middleware for role check

---
 src/middlewares/role.ts | 13 +++++++++++++
 src/middlewares/user.ts | 12 ++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 src/middlewares/role.ts
 create mode 100644 src/middlewares/user.ts

diff --git a/src/middlewares/role.ts b/src/middlewares/role.ts
new file mode 100644
index 00000000..f6e6da9d
--- /dev/null
+++ b/src/middlewares/role.ts
@@ -0,0 +1,13 @@
+import * as express from "express";
+import HttpError from "../interfaces/http-error";
+import HttpStatus from "../interfaces/http-status";
+import { RequestWithUser } from "./user";
+
+export function authRole(role: string) {
+  return (req: RequestWithUser, _res: express.Response, next: express.NextFunction) => {
+    if (!req.user.role.includes(role)) {
+      throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงทรัพยากรดังกล่าว");
+    }
+    next();
+  };
+}
diff --git a/src/middlewares/user.ts b/src/middlewares/user.ts
new file mode 100644
index 00000000..12c5d597
--- /dev/null
+++ b/src/middlewares/user.ts
@@ -0,0 +1,12 @@
+import type { Request } from "express";
+
+export type RequestWithUser = Request & {
+  user: {
+    name: string;
+    given_name: string;
+    familiy_name: string;
+    preferred_username: string;
+    email: string;
+    role: string[];
+  };
+};