Skip to content

[FEATURE] API: Role-Based Access Control (RBAC) authorization middleware (#62) #314

Description

@KevinMB0220

📋 Feature Description

Clear and concise description of the feature:
Create a middleware that enforces Role-Based Access Control (RBAC) across Express REST endpoints. Supported roles: Admin, Manager, Operator, Auditor.

🎯 Motivation

Why is this feature needed? What problem does it solve?
Roadmap item #62. Organizations need scoped access policies to prevent operators from performing administrative actions (e.g. key deletion).

💡 Proposed Solution

How should this feature work? Include technical details:
Middleware intercepts requests, decodes auth claims, and matches required endpoint scopes.

🔧 Technical Implementation

Implementation details for AI/developers:

Files to Create/Modify

  • packages/api/rest/src/middleware/rbac.ts

Dependencies

  • None

API Changes

export function requireRole(roles: string[]): RequestHandler;

✅ Acceptance Criteria

  • Request gets rejected with 403 if role is insufficient.
  • Request passes to handler if role is matching.
  • Full coverage unit tests.

📚 Additional Context

None.

🔗 Related Issues

  • N/A

🏷️ Labels

Phase: phase-4
Component: api
Priority: critical


---

Metadata

Metadata

Assignees

No one assigned

    Labels

    Stellar WaveIssues in the Stellar wave programenhancementNew feature or requestphase-4Phase 4: Enterprise & Scale

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions