fase(9): auth module with casl rbac and session management

dist/modules/auth/application/middleware/RBACMiddleware.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requirePermission = requirePermission;
+const AbilityFactory_1 = require("../../infrastructure/casl/AbilityFactory");
+function requirePermission(action, subject) {
+    return function rbacMiddleware(req, res, next) {
+        if (!req.user) {
+            res.status(401).json({ error: 'Unauthorized' });
+            return;
+        }
+        const ability = (0, AbilityFactory_1.defineAbilityFor)(req.user.role);
+        if (!ability.can(action, subject)) {
+            res.status(403).json({
+                error: 'Forbidden',
+                message: `You do not have permission to ${action} ${subject}`,
+            });
+            return;
+        }
+        next();
+    };
+}