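/**
 * Role requirements a route may ask for, mapped to the user roles that
 * satisfy them. Frozen and looked up with Object.hasOwn so that neither a
 * prototype key nor a typo in `opts.role` can turn into a silent allow.
 */
const ROLE_REQUIREMENTS = Object.freeze({
  admin: Object.freeze(['admin']),
  adminOrLeader: Object.freeze(['admin', 'leader']),
})

/**
 * Require an authenticated user and, optionally, a role.
 *
 * The user is read from `event.context.user`. This helper does no
 * verification of its own; it relies on an upstream step having validated
 * the session/token and set that field (presumably auth middleware — confirm
 * against the caller). Never populate `event.context.user` from request data.
 *
 * Fails closed: an `opts.role` value that is not a known requirement is a
 * server-side misconfiguration and is rejected with 500 instead of letting
 * every authenticated user through.
 *
 * @param {import('h3').H3Event} event
 * @param {{ role?: 'admin' | 'adminOrLeader' }} [opts] - role: 'admin' = admin only; 'adminOrLeader' = admin or leader
 * @returns {{ id: string, identifier: string, role: string }} The current user.
 * @throws 401 when there is no authenticated user; 403 when the user's role
 *   does not satisfy `opts.role`; 500 when `opts.role` is set but unknown.
 */
export function requireAuth(event, opts = {}) {
  const user = event.context.user
  // Authentication first: an unauthenticated caller is always told 401 and
  // never learns whether a role would have been required.
  if (!user) {
    throw createError({ statusCode: 401, message: 'Unauthorized' })
  }

  // Tolerate a null opts object as well as the default empty one.
  const { role } = opts ?? {}
  if (role == null) {
    return user
  }

  // Unknown requirement names (typos, stale constants) must not degrade to
  // "any authenticated user"; Object.hasOwn also rejects prototype keys
  // such as 'constructor'. The message is generic on purpose.
  if (typeof role !== 'string' || !Object.hasOwn(ROLE_REQUIREMENTS, role)) {
    throw createError({ statusCode: 500, message: 'Invalid role requirement' })
  }

  if (!ROLE_REQUIREMENTS[role].includes(user.role)) {
    throw createError({ statusCode: 403, message: 'Forbidden' })
  }

  return user
}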