feat: add role-based route middleware for access restriction

frontend/app/middleware/adminOnly.ts

@@ -0,0 +1,15 @@
+import { Role } from "~/types/role";
+import type { User } from "~/types/user";
+
+export default defineNuxtRouteMiddleware(async (to) => {
+    const user = useSanctumUser<User>();
+
+    // If user is not authenticated, let sanctum:auth handle it
+    if (!user.value) {
+        return;
+    }
+
+    if (user.value.role !== Role.ADMIN) {
+        return abortNavigation(createError({ statusCode: 403, statusMessage: 'Forbidden' }));
+    }
+});

frontend/app/middleware/companyOnly.ts

@@ -0,0 +1,15 @@
+import { Role } from "~/types/role";
+import type { User } from "~/types/user";
+
+export default defineNuxtRouteMiddleware(async (to) => {
+    const user = useSanctumUser<User>();
+
+    // If user is not authenticated, let sanctum:auth handle it
+    if (!user.value) {
+        return;
+    }
+
+    if (user.value.role !== Role.EMPLOYER) {
+        return abortNavigation(createError({ statusCode: 403, statusMessage: 'Forbidden' }));
+    }
+});

frontend/app/middleware/studentOnly.ts

@@ -0,0 +1,15 @@
+import { Role } from "~/types/role";
+import type { User } from "~/types/user";
+
+export default defineNuxtRouteMiddleware(async (to) => {
+    const user = useSanctumUser<User>();
+
+    // If user is not authenticated, let sanctum:auth handle it
+    if (!user.value) {
+        return;
+    }
+
+    if (user.value.role !== Role.STUDENT) {
+        return abortNavigation(createError({ statusCode: 403, statusMessage: 'Forbidden' }));
+    }
+});