
authorization-z


`Authorization-Z` is a comprehensive Express middleware package for validating JWT Authorization-Z tokens, attaching permissions to requests, verifying permissions, and granting access accordingly. This package provides a robust solution for implementing

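"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.authorizeAccess = void 0;
const AppError_1 = require("../errors/AppError");
const messages_1 = require("../constants/messages");

/**
 * Build an Express middleware that lets a request through only when
 * `req.permissions[moduleName]` lists `action` (compared case-insensitively).
 *
 * Decision order, as implemented below:
 *   1. A truthy `req.isAdmin` bypasses every permission check.
 *   2. `req.permissions` must be a non-null, non-array object, otherwise 400.
 *   3. The module must be an own key of `req.permissions` holding an array,
 *      otherwise 403 (module access denied).
 *   4. The array must contain `action`, otherwise 403 (action access denied).
 *
 * NOTE(review): `req.isAdmin` and `req.permissions` are populated somewhere
 * outside this file, presumably by the package's token-validation middleware.
 * This check is only as trustworthy as that step, so confirm both values are
 * derived from a verified token and that `isAdmin` is a strict boolean (any
 * truthy value, including a non-empty string, takes the bypass here).
 *
 * @param {string} moduleName - Key looked up in `req.permissions` (trimmed).
 * @param {string} action - Action required on that module (trimmed, lower-cased).
 * @returns {(req: object, res: object, next: Function) => void} Express middleware.
 */
const authorizeAccess = (moduleName, action) => {
  return (req, res, next) => {
    try {
      // Admin bypass: equivalent to the original `req?.isAdmin` truthiness test.
      if (req != null && req.isAdmin) {
        return next();
      }

      const permissions = req.permissions;
      if (!permissions || typeof permissions !== "object" || Array.isArray(permissions)) {
        throw new AppError_1.AppError(
          (0, messages_1.getMessage)(req.lang, "errors", "VALID_PERMISSIONS_REQUIRED"),
          400,
        );
      }

      // Own-property lookup only: a module name such as "constructor" or
      // "toString" must not resolve to something inherited from Object.prototype.
      const moduleKey = moduleName.trim();
      const modulePermissions = Object.prototype.hasOwnProperty.call(permissions, moduleKey)
        ? permissions[moduleKey]
        : undefined;

      // Fail closed with 403 when the entry is missing or is not a list.
      // Previously a truthy non-array value reached `.some()` and surfaced
      // as a 500 instead of an authorization denial.
      if (!Array.isArray(modulePermissions)) {
        throw new AppError_1.AppError(
          `${(0, messages_1.getMessage)(req.lang, "errors", "MODULE_ACCESS_DENIED")} : ${moduleName}`,
          403,
        );
      }

      // Normalise the required action once rather than once per entry.
      const requiredAction = action.trim().toLowerCase();
      // Non-string entries can never match; skipping them avoids a TypeError
      // on `.toLowerCase()` when the permission list is malformed.
      const hasAccess = modulePermissions.some(
        (perm) => typeof perm === "string" && perm.toLowerCase() === requiredAction,
      );
      if (!hasAccess) {
        throw new AppError_1.AppError(
          `${(0, messages_1.getMessage)(req.lang, "errors", "ACTION_ACCESS_DENIED")} : ${moduleName} > ${action}`,
          403,
        );
      }

      return next();
    } catch (error) {
      // Only AppError details reach the client; anything else is reported as a
      // generic 500 so internal error text is not disclosed in the response.
      const isAppError = error instanceof AppError_1.AppError;
      const statusCode = isAppError ? error.statusCode : 500;
      const message = isAppError ? error.message : "Internal server error";
      res.status(statusCode).json({ message });
    }
  };
};
exports.authorizeAccess = authorizeAccess;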