@mini2/core/dist/middlewares/authorized.middleware.js

Mini Express Framework - Lightweight and modular Express.js framework with TypeScript support

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.authorizedMiddleware = void 0;
const http_expection_1 = require("../expections/http.expection");
/** Header tabanlı yetkilendirme (throw’lu):
 *  - required: gerekli permission listesi
 *  - Mevcut izinler önce req.user.permissions’tan,
 *    yoksa x-user-permissions header’ından alınır.
 */
const authorizedMiddleware = (required) => {
    return (req, _res, next) => {
        const fromReq = req.user?.permissions ?? [];
        const fromHeader = String(req.headers['x-user-permissions'] ?? '')
            .split(',')
            .map((s) => s.trim())
            .filter(Boolean);
        const current = new Set([...fromReq, ...fromHeader]);
        const ok = required.length === 0 || required.some((perm) => current.has(perm));
        if (!ok) {
            // 403 → throw (global error handler bunu 403’e map etmeli)
            throw new http_expection_1.ForbiddenException({ message: 'Forbidden' });
        }
        next();
    };
};
exports.authorizedMiddleware = authorizedMiddleware;
//# sourceMappingURL=authorized.middleware.js.map