Implement role-based authorization to enhance data security

Hikmat Bangash requested to merge development into main

In this commit, I have added role-based authorization functionality to the existing codebase, ensuring secure data protection. The implementation follows best practices for protecting sensitive data and allows fine-grained access control based on user roles.

Changes Made:

  • Refactored the 'verifyToken' function to return a Promise that resolves with the user data after successful JWT token verification.
  • Updated the 'verifyUser' and 'verifyAdmin' functions to properly handle the asynchronous nature of 'verifyToken' using the 'await' keyword.
  • Added appropriate error handling in case of token verification failure, ensuring proper error propagation.

The 'verifyUser' middleware now verifies the citizen's token before allowing access to certain routes. It checks if the citizen ID matches the requested ID or if the citizen is an admin. If the conditions are met, the request is allowed to proceed; otherwise, a 403 Forbidden response is sent.

The 'verifyAdmin' middleware verifies the token and checks if the user is an admin; if so, the request is allowed to proceed; otherwise, a 403 Forbidden response is sent, ensuring that only authorized personnel can access certain privileged functionalities.

These changes significantly enhance the security of the application by enforcing role-based authorization and preventing unauthorized access to sensitive data.

Dear teammates, please review and test the code changes thoroughly to ensure the proper functioning of the role-based authorization system.