implemented role and state based authorization

api/src/middleware/auth.ts

@@ -1,4 +1,6 @@
 import { NextFunction, Request, Response } from "express";
+import { MemberState } from "../services/memberService";
+import { stat } from "fs";
 
 export const requireLogin = function (req: Request, res: Response, next: NextFunction) {
     if (req.user?.id)
@@ -7,8 +9,41 @@ export const requireLogin = function (req: Request, res: Response, next: NextFun
         res.sendStatus(401)
 }
 
-function requireRole(roleName: string) {
+export function requireMemberState(state: MemberState) {
     return function (req: Request, res: Response, next: NextFunction) {
-
+        if (req.user?.state === state)
+            next();
+        else
+            res.status(403).send("You must be a member of the 17th RBN to access this resource");
     }
+}
+
+export function requireRole(requiredRoles: string | string[]) {
+    // Normalize the input to always be an array of lowercase required roles
+    const normalizedRequiredRoles: string[] = Array.isArray(requiredRoles)
+        ? requiredRoles.map(role => role.toLowerCase())
+        : [requiredRoles.toLowerCase()];
+
+    const DEV_ROLE = 'dev';
+
+    return function (req: Request, res: Response, next: NextFunction) {
+        if (!req.user || !req.user.roles) {
+            // User is not authenticated or has no roles array
+            return res.sendStatus(401);
+        }
+
+        const userRolesLowercase = req.user.roles.map(role => role.name.toLowerCase());
+
+        // Check if the user has *any* of the required roles OR the 'dev' role
+        const hasAccess = userRolesLowercase.some(userRole =>
+            userRole === DEV_ROLE || normalizedRequiredRoles.includes(userRole)
+        );
+
+        if (hasAccess) {
+            return next();
+        } else {
+            // User is authenticated but does not have the necessary permissions
+            return res.sendStatus(403);
+        }
+    };
 }