add roles to user and token

db/migrations/000005_add_role.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "users" DROP COLUMN "role";

db/migrations/000005_add_role.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "users" ADD COLUMN "role" varchar NOT NULL DEFAULT 'generator';

db/migrations/procs/user/create_user.sql

@@ -12,7 +12,8 @@ RETURNS TABLE (
     email VARCHAR,
     password_changed_at TIMESTAMP WITH TIME ZONE,
     created_at TIMESTAMP WITH TIME ZONE,
-    is_email_verified BOOLEAN
+    is_email_verified BOOLEAN,
+    role VARCHAR
 ) AS $$
 BEGIN
     RETURN QUERY

db/migrations/procs/user/create_verify_email.sql

@@ -11,7 +11,8 @@ RETURNS TABLE (
     secret_code VARCHAR,
     is_used BOOLEAN,
     created_at TIMESTAMP WITH TIME ZONE,
-    expires_at_at TIMESTAMP WITH TIME ZONE
+    expires_at_at TIMESTAMP WITH TIME ZONE,
+    role VARCHAR
 ) AS $$
 BEGIN
     RETURN QUERY
@@ -24,7 +25,8 @@ BEGIN
         verify_emails.secret_code,
         verify_emails.is_used,
         verify_emails.created_at,
-        verify_emails.expired_at;
+        verify_emails.expired_at,
+        verify_emails.role VARCHAR;
 
 END;
 $$ LANGUAGE plpgsql;

db/migrations/procs/user/get_user.sql

@@ -9,7 +9,8 @@ RETURNS TABLE (
     email VARCHAR,
     password_changed_at TIMESTAMP WITH TIME ZONE,
     created_at TIMESTAMP WITH TIME ZONE,
-    is_email_verified BOOLEAN
+    is_email_verified BOOLEAN,
+    role VARCHAR
 ) AS $$
 BEGIN
     RETURN QUERY
@@ -20,7 +21,8 @@ BEGIN
         users.email,
         users.password_changed_at,
         users.created_at,
-        users.is_email_verified
+        users.is_email_verified,
+        users.role
     FROM users
     WHERE users.username = p_username
     LIMIT 1;

db/migrations/procs/user/update_user.sql

@@ -14,7 +14,8 @@ RETURNS TABLE (
     email VARCHAR,
     password_changed_at TIMESTAMP WITH TIME ZONE,
     created_at TIMESTAMP WITH TIME ZONE,
-    is_email_verfied BOOLEAN
+    is_email_verfied BOOLEAN,
+    role VARCHAR
 ) AS $$
 BEGIN
     RETURN QUERY

db/migrations/procs/user/update_verify_email.sql

@@ -10,7 +10,8 @@ RETURNS TABLE (
     secret_code VARCHAR,
     is_used BOOLEAN,
     created_at TIMESTAMP WITH TIME ZONE,
-    expires_at_at TIMESTAMP WITH TIME ZONE
+    expires_at_at TIMESTAMP WITH TIME ZONE,
+    role VARCHAR
 ) AS $$
 BEGIN
     RETURN QUERY
@@ -28,7 +29,8 @@ BEGIN
         verify_emails.secret_code,
         verify_emails.is_used,
         verify_emails.created_at,
-        verify_emails.expired_at;
+        verify_emails.expired_at,
+        verify_emails.role;
 
 END;
 $$ LANGUAGE plpgsql;

db/store/error.go

@@ -3,6 +3,7 @@ package db
 import (
 	"database/sql"
 	"errors"
+	"fmt"
 
 	"github.com/jackc/pgx/v5/pgconn"
 )
@@ -20,6 +21,9 @@ var ErrUniqueViolation = &pgconn.PgError{
 
 func ErrorCode(err error) string {
 	var pgErr *pgconn.PgError
+	// TODO: handle err conversion
+	fmt.Printf("errrrrr %#v", err)
+
 	if errors.As(err, &pgErr) {
 		return pgErr.Code
 	}

db/store/models.go

@@ -50,6 +50,7 @@ type User struct {
 	PasswordChangedAt time.Time `json:"password_changed_at"`
 	CreatedAt         time.Time `json:"created_at"`
 	IsEmailVerified   bool      `json:"is_email_verified"`
+	Role              string    `json:"role"`
 }
 
 type VerifyEmail struct {

db/store/user.go

@@ -78,6 +78,7 @@ func scanUserFromRow(row *sql.Row, user *User) error {
 		&user.PasswordChangedAt,
 		&user.CreatedAt,
 		&user.IsEmailVerified,
+		&user.Role,
 	)
 
 	// Check for errors after scanning

gapi/main_test.go

@@ -25,9 +25,9 @@ func newTestServer(t *testing.T, store db.Store, taskDistributor worker.TaskDist
 	return server
 }
 
-func newNewContextWithBearerToken(t *testing.T, tokenMaker token.Maker, username string, duration time.Duration) context.Context {
+func newNewContextWithBearerToken(t *testing.T, tokenMaker token.Maker, username, role string, duration time.Duration) context.Context {
 	ctx := context.Background()
-	accessToken, payload, err := tokenMaker.CreateToken(username, duration)
+	accessToken, payload, err := tokenMaker.CreateToken(username, role, duration)
 	require.NoError(t, err)
 	require.NotNil(t, payload)
 

gapi/rpc_login_user.go

@@ -38,6 +38,7 @@ func (server *Server) LoginUser(ctx context.Context, req *pb.LoginUserRequest) (
 
 	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
 		user.Username,
+		user.Role,
 		server.config.AccessTokenDuration,
 	)
 	if err != nil {
@@ -46,6 +47,7 @@ func (server *Server) LoginUser(ctx context.Context, req *pb.LoginUserRequest) (
 
 	refreshToken, refreshPayload, err := server.tokenMaker.CreateToken(
 		user.Username,
+		user.Role,
 		server.config.RefreshTokenDuration,
 	)
 	if err != nil {

gapi/rpc_update_user_test.go

@@ -66,7 +66,7 @@ func TestUpdateUserAPI(t *testing.T) {
 
 			},
 			buildContext: func(t *testing.T, tokenMaker token.Maker) context.Context {
-				return newNewContextWithBearerToken(t, tokenMaker, user.Username, time.Minute)
+				return newNewContextWithBearerToken(t, tokenMaker, user.Username, user.Role, time.Minute)
 			},
 			checkResponse: func(t *testing.T, res *pb.UpdateUserResponse, err error) {
 				require.NoError(t, err)
@@ -94,7 +94,7 @@ func TestUpdateUserAPI(t *testing.T) {
 
 			},
 			buildContext: func(t *testing.T, tokenMaker token.Maker) context.Context {
-				return newNewContextWithBearerToken(t, tokenMaker, user.Username, time.Minute)
+				return newNewContextWithBearerToken(t, tokenMaker, user.Username, user.Role, time.Minute)
 			},
 			checkResponse: func(t *testing.T, res *pb.UpdateUserResponse, err error) {
 				require.Error(t, err)
@@ -119,7 +119,7 @@ func TestUpdateUserAPI(t *testing.T) {
 
 			},
 			buildContext: func(t *testing.T, tokenMaker token.Maker) context.Context {
-				return newNewContextWithBearerToken(t, tokenMaker, user.Username, -time.Minute)
+				return newNewContextWithBearerToken(t, tokenMaker, user.Username, user.Role, -time.Minute)
 			},
 			checkResponse: func(t *testing.T, res *pb.UpdateUserResponse, err error) {
 				require.Error(t, err)
@@ -168,7 +168,7 @@ func TestUpdateUserAPI(t *testing.T) {
 
 			},
 			buildContext: func(t *testing.T, tokenMaker token.Maker) context.Context {
-				return newNewContextWithBearerToken(t, tokenMaker, user.Username, time.Minute)
+				return newNewContextWithBearerToken(t, tokenMaker, user.Username, user.Role, time.Minute)
 			},
 			checkResponse: func(t *testing.T, res *pb.UpdateUserResponse, err error) {
 				require.Error(t, err)

token/maker.go

@@ -5,7 +5,7 @@ import "time"
 // Maker is an interface for managing token
 type Maker interface {
 	// CreateToken creates a new token for a specific username and duration
-	CreateToken(username string, duration time.Duration) (string, *Payload, error)
+	CreateToken(username, role string, duration time.Duration) (string, *Payload, error)
 
 	// VerifyToken checks if the token is valid or not
 	VerifyToken(token string) (*Payload, error)

token/paseto_maker.go

@@ -27,8 +27,8 @@ func NewPASETOMaker(symmetricKey string) (Maker, error) {
 }
 
 // CreateToken creates a new token for a specific username and duration
-func (maker *PASETOMaker) CreateToken(username string, duration time.Duration) (string, *Payload, error) {
-	payload, err := NewPayload(username, duration)
+func (maker *PASETOMaker) CreateToken(username, role string, duration time.Duration) (string, *Payload, error) {
+	payload, err := NewPayload(username, role, duration)
 	if err != nil {
 		return "", payload, err
 	}

token/paseto_maker_test.go

@@ -18,8 +18,9 @@ func TestPASETOMaker(t *testing.T) {
 
 	issuedAt := time.Now()
 	expiredAt := issuedAt.Add(duration)
+	role := util.GeneratorRole
 
-	token, payload, err := maker.CreateToken(username, duration)
+	token, payload, err := maker.CreateToken(username, role, duration)
 	require.NoError(t, err)
 	require.NotEmpty(t, token)
 	require.NotEmpty(t, payload)
@@ -30,6 +31,7 @@ func TestPASETOMaker(t *testing.T) {
 
 	require.NotZero(t, payload.ID)
 	require.Equal(t, username, payload.Username)
+	require.Equal(t, role, payload.Role)
 	require.WithinDuration(t, issuedAt, payload.IssuedAt, time.Second)
 	require.WithinDuration(t, expiredAt, payload.ExpiredAt, time.Second)
 
@@ -39,7 +41,9 @@ func TestExpiredPASETOToken(t *testing.T) {
 	maker, err := NewPASETOMaker(util.RandomString(32))
 	require.NoError(t, err)
 
-	token, payload, err := maker.CreateToken(util.RandomOwner(), -time.Minute)
+	role := util.GeneratorRole
+
+	token, payload, err := maker.CreateToken(util.RandomOwner(), role, -time.Minute)
 	require.NoError(t, err)
 	require.NotEmpty(t, token)
 	require.NotEmpty(t, payload)

token/payload.go

@@ -13,12 +13,13 @@ var ErrExpiredToken = errors.New("token has expired")
 type Payload struct {
 	ID        uuid.UUID `json:"id"`
 	Username  string    `json:"username"`
+	Role      string    `json:"role"`
 	IssuedAt  time.Time `json:"issued_at"`
 	ExpiredAt time.Time `json:"expired_at"`
 }
 
 // NewPayload create a new token payload with a specfic username and duration
-func NewPayload(username string, duration time.Duration) (*Payload, error) {
+func NewPayload(username, role string, duration time.Duration) (*Payload, error) {
 	tokenID, err := uuid.NewRandom()
 	if err != nil {
 		return nil, err
@@ -27,6 +28,7 @@ func NewPayload(username string, duration time.Duration) (*Payload, error) {
 	payload := &Payload{
 		ID:        tokenID,
 		Username:  username,
+		Role:      role,
 		IssuedAt:  time.Now(),
 		ExpiredAt: time.Now().Add(duration),
 	}

util/util.go

@@ -0,0 +1,6 @@
+package util
+
+const (
+	GeneratorRole = "generator" //normal user
+	AdminRole     = "admin"     // admin
+)