// middleware/requireRole.js
const roleRank = { USER: 1, MOD: 2, ADMIN: 3 };

module.exports = function requireRole(minRole = "USER") {
  return (req, res, next) => {
    if (!req.auth) return res.status(401).json({ error: "Token yok" });

    const userRole = req.auth.role || "USER";
    if ((roleRank[userRole] || 0) < (roleRank[minRole] || 0)) {
      return res.status(403).json({ error: "Yetkisiz" });
    }
    next();
  };
};