From be838530167493599a4681a412d12416122e2e12 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 16 May 2022 12:04:48 -0600
Subject: check the permissions in the token

---
 cmd/api/main.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/cmd/api/main.go b/cmd/api/main.go
index d20731e..b300da3 100644
--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -18,7 +18,8 @@ import (
 )
 
 type CustomClaims struct {
-	Scope string `json:"scope"`
+	Scope string `json:"scope"`
+	Permissions []string `json:"permissions"`
 }
 
 func (c CustomClaims) Validate(ctx context.Context) error {
@@ -35,6 +36,15 @@ func (c CustomClaims) HasScope(expectedScope string) bool {
 	return false
 }
 
+func (c CustomClaims) HasPermission(permission string) bool {
+	for _, value := range c.Permissions {
+		if value == permission {
+			return true
+		}
+	}
+	return false
+}
+
 // type TokenExtractor func(r *http.Request) (string, error)
 func Extractor(r *http.Request) (string, error) {
 	authHeader := r.Header.Get("Authorization")
@@ -148,7 +158,7 @@ func main() {
 		token := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
 		claims := token.CustomClaims.(*CustomClaims)
 
-		if !claims.HasScope("read:messages") {
+		if !claims.HasPermission("read:incidents") {
 			w.WriteHeader(http.StatusForbidden)
 			w.Write([]byte(`{"message":"insufficient scope."}`))
 			return
-- 
cgit v1.2.3
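Review bot: The new exported Permissions field on CustomClaims has no doc comment, and since it is the value the handler in main now authorizes against, a reader should not have to infer its origin from the json tag alone. I would add `// Permissions holds the permission strings carried in the token's "permissions" claim; HasPermission matches against it exactly.` above the field. The struct's Validate method begins at the end of this hunk and its body is outside it, so whether Permissions is checked there cannot be seen here.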
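Review bot: HasPermission is exported but has no doc comment, unlike what Go's doc conventions expect for a method that gates an HTTP handler; add `// HasPermission reports whether permission appears verbatim in the token's Permissions claim.` above the func line. The comparison is exact and case-sensitive and a nil or empty Permissions slice yields false, which is the safe default, so the logic itself looks right. If the module targets Go 1.21 or later, the loop collapses to `return slices.Contains(c.Permissions, permission)`, though the go.mod version is not visible in this patch.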
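Review bot: The forbidden response body still says `{"message":"insufficient scope."}` although the check on the line above it now rejects on a missing permission rather than a missing scope, so the client is told the wrong reason for the 403. The body should follow the check, e.g. `w.Write([]byte(`{"message":"insufficient permissions."}`))`. With this change HasScope appears to have no caller left in main, but the rest of main starts and ends outside the hunk so that cannot be confirmed here.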