add verify role

2025-10-07 15:12:49 +07:00
parent ba7f746433
commit 2eec70b7e3
1 changed files with 38 additions and 0 deletions
--- a/middleware/verifyAccess.js
+++ b/middleware/verifyAccess.js
@@ -0,0 +1,38 @@
+const { ErrorHandler } = require("../helpers/error");
+const { getUserByIdDb } = require("../db/user.db");
+
+const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
+  return async (req, res, next) => {
+    try {
+      const user = req.user;
+
+      if (!user) throw new ErrorHandler(401, "Unauthorized: User not found");
+
+      // Super Admin bypass semua
+      if (user.is_sa) return next();
+
+      const fullUser = await getUserByIdDb(user.user_id);
+      if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
+
+      if (!fullUser.is_approve) {
+        if (req.method !== "GET") {
+          throw new ErrorHandler(403, "Account not approved — read-only access");
+        }
+
+        if (allowUnapprovedReadOnly) return next();
+
+        throw new ErrorHandler(403, "Account not approved");
+      }
+
+      if (!fullUser.role_level || fullUser.role_level < minLevel) {
+        throw new ErrorHandler(403, "Forbidden: Insufficient role level");
+      }
+
+      next();
+    } catch (err) {
+      next(err);
+    }
+  };
+};
+
+module.exports = verifyAccess;