feat: use multi roles login (#60)

* feat: use multi roles login

- add support for protected roles
- refactor oauth code

* fix: adminUpdate role validation

* fix: update app

server/utils/authToken.go

@@ -26,7 +26,7 @@ type UserAuthClaim struct {
 	*JWTCustomClaim `json:"authorizer"`
 }
 
-func CreateAuthToken(user db.User, tokenType enum.TokenType, role string) (string, int64, error) {
+func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (string, int64, error) {
 	t := jwt.New(jwt.GetSigningMethod(constants.JWT_TYPE))
 	expiryBound := time.Hour
 	if tokenType == enum.RefreshToken {
@@ -41,7 +41,7 @@ func CreateAuthToken(user db.User, tokenType enum.TokenType, role string) (strin
 		"email":                  user.Email,
 		"id":                     user.ID,
 		"allowed_roles":          strings.Split(user.Roles, ","),
-		constants.JWT_ROLE_CLAIM: role,
+		constants.JWT_ROLE_CLAIM: roles,
 	}
 
 	t.Claims = &UserAuthClaim{

server/utils/common.go

@@ -18,3 +18,12 @@ func WriteToFile(filename string, data string) error {
 	}
 	return file.Sync()
 }
+
+func StringContains(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}

server/utils/validator.go

@@ -40,30 +40,14 @@ func IsSuperAdmin(gc *gin.Context) bool {
 	return secret == constants.ADMIN_SECRET
 }
 
-func IsValidRolesArray(roles []string) bool {
+func IsValidRoles(userRoles []string, roles []string) bool {
 	valid := true
-	currentRoleMap := map[string]bool{}
-
-	for _, currentRole := range constants.ROLES {
-		currentRoleMap[currentRole] = true
-	}
-	for _, inputRole := range roles {
-		if !currentRoleMap[inputRole] {
+	for _, role := range roles {
+		if !StringContains(userRoles, role) {
 			valid = false
 			break
 		}
 	}
-	return valid
-}
-
-func IsValidRole(userRoles []string, role string) bool {
-	valid := false
-	for _, currentRole := range userRoles {
-		if role == currentRole {
-			valid = true
-			break
-		}
-	}
 
 	return valid
 }