feat: use multi roles login (#60)

* feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app
2021-10-13 22:11:41 +05:30
parent 27944cf7b5
commit b376ee3b73
23 changed files with 248 additions and 219 deletions
--- a/server/handlers/oauthLogin.go
+++ b/server/handlers/oauthLogin.go
@@ -2,6 +2,7 @@ package handlers

 import (
 	"net/http"
+	"strings"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/enum"
@@ -18,7 +19,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// TODO validate redirect URL
 		redirectURL := c.Query("redirectURL")
-		role := c.Query("role")
+		roles := c.Query("roles")

 		if redirectURL == "" {
 			c.JSON(400, gin.H{
@@ -27,20 +28,24 @@ func OAuthLoginHandler() gin.HandlerFunc {
 			return
 		}

-		if role != "" {
+		if roles != "" {
 			// validate role
-			if !utils.IsValidRole(constants.ROLES, role) {
+			rolesSplit := strings.Split(roles, ",")
+
+			// use protected roles verification for admin login only.
+			// though if not associated with user, it will be rejected from oauth_callback
+			if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), rolesSplit) {
 				c.JSON(400, gin.H{
 					"error": "invalid role",
 				})
 				return
 			}
 		} else {
-			role = constants.DEFAULT_ROLE
+			roles = strings.Join(constants.DEFAULT_ROLES, ",")
 		}

 		uuid := uuid.New()
-		oauthStateString := uuid.String() + "___" + redirectURL + "___" + role
+		oauthStateString := uuid.String() + "___" + redirectURL + "___" + roles

 		provider := c.Param("oauth_provider")