authrization added in login and middleware

Author: krishkumar84

pkg/http/handler/auth/login.go

@@ -42,6 +42,7 @@ func Login(storage storage.Storage, secretKey string) http.HandlerFunc {
         token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
             "user_id": user.ID,
             "student_id": user.StudentId,
+            "role":      string(user.Role),
             "exp": time.Now().Add(time.Hour * 24).Unix(), // Token expires in 24 hours
         })
 

pkg/middleware/auth.go

@@ -3,8 +3,9 @@ package middleware
 import (
 	"context"
 	"net/http"
-
+	"fmt"
 	"github.com/golang-jwt/jwt/v5"
+	"github.com/krishkumar84/bdcoe-golang-portal/pkg/types"
 	"github.com/krishkumar84/bdcoe-golang-portal/pkg/utils/response"
 )
 
@@ -13,6 +14,7 @@ type contextKey string
 const (
 	UserIDKey    contextKey = "user_id"
 	StudentIDKey contextKey = "student_id"
+	RoleKey      contextKey = "role"      
 )
 
 type AuthMiddleware struct {
@@ -48,6 +50,18 @@ func (m *AuthMiddleware) Authenticate(next http.Handler) http.Handler {
 		// Update the context values to use the custom keys
 		ctx := context.WithValue(r.Context(), UserIDKey, claims["user_id"])
 		ctx = context.WithValue(ctx, StudentIDKey, claims["student_id"])
+		ctx = context.WithValue(ctx, RoleKey, claims["role"])
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
+
+func (m *AuthMiddleware) RequireAdmin(next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        role := r.Context().Value(RoleKey)
+        if role != string(types.RoleAdmin) {
+            response.WriteJson(w, http.StatusForbidden, response.GeneralError(fmt.Errorf("admin access required")))
+            return
+        }
+        next.ServeHTTP(w, r)
+    })
+}