From 11ac92a02684de0c02234838183ea97c1a5d1180 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Wed, 4 Jun 2025 19:11:01 +0200
Subject: [PATCH] feat: dynamic user based roles
---
 internal/oauth/token.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/internal/oauth/token.go b/internal/oauth/token.go
index 4da8fee..dc8f6fb 100644
--- a/internal/oauth/token.go
+++ b/internal/oauth/token.go
@@ -76,6 +76,12 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ var roles = []string{"user"}
+
+ if user.IsAdmin {
+ roles = append(roles, "admin")
+ }
+
 claims := types.ApiClaims{
 Email: user.Email,
 // TODO:
@@ -83,7 +89,7 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 Name: user.FullName,
 Picture: user.ProfilePicture,
 Nonce: nonce,
- Roles: []string{"user", "admin"},
+ Roles: roles,
 RegisteredClaims: jwt.RegisteredClaims{
 Issuer: h.cfg.Jwt.Issuer,
 // TODO: use dedicated API id that is in local DB and bind to user there
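Review bot: Tokens issued before this change still carry the `admin` role, because the removed line `Roles: []string{"user", "admin"}` in the second hunk granted it to every user and the role is a claim inside the signed JWT. Deploying the commit does not withdraw those tokens, so the rollout should include rotating the signing key or otherwise invalidating outstanding tokens. The same snapshot behaviour applies to the new block in the first hunk: once `user.IsAdmin` is cleared, an already-issued token keeps `admin` until it expires, and the expiry is not visible in either hunk. A comment above `var roles` such as `// roles are fixed at issuance; revoking admin only takes effect once the token expires` would make that explicit, and sensitive endpoints may want to re-check the flag server-side. tokenEndpoint's body starts and ends outside both hunks, so how `user` is loaded could not be checked here.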