Merge pull request #10 from RodolfoSilva/multiple_roles

Add multiple role support

README.md

@@ -11,15 +11,33 @@ Create tables and initial state for your user management.
 
 ```sql
 CREATE EXTENSION IF NOT EXISTS citext WITH SCHEMA public;
+
+CREATE TABLE "role" (
+  name text NOT NULL PRIMARY KEY,
+  created_at timestamp with time zone NOT NULL DEFAULT now(),
+);
+
+INSERT INTO "roles" ("name") VALUES ('user');
+
 CREATE TABLE "user" (
   id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
   email citext NOT NULL UNIQUE,
   password text NOT NULL,
-  role text NOT NULL DEFAULT 'user',
+  default_role text NOT NULL DEFAULT 'user',
   is_active boolean NOT NULL DEFAULT false,
   secret_token uuid NOT NULL,
   created_at timestamp with time zone NOT NULL DEFAULT now(),
-  updated_at timestamp with time zone NOT NULL DEFAULT now()
+  updated_at timestamp with time zone NOT NULL DEFAULT now(),
+  FOREIGN KEY (default_role) REFERENCES role (name)
+);
+
+CREATE TABLE "user_role" (
+  id uuid DEFAULT gen_random_uuid() NOT NULL CONSTRAINT user_role_pkey PRIMARY KEY,
+  user_id uuid NOT NULL CONSTRAINT user_role_user_id_fkey REFERENCES "user" ON UPDATE CASCADE ON DELETE CASCADE,
+  role text NOT NULL,
+  created_at timestamp WITH TIME ZONE DEFAULT now() NOT NULL,
+  updated_at timestamp WITH TIME ZONE DEFAULT now() not null,
+  CONSTRAINT user_role_user_id_role_key UNIQUE (user_id, role)
 );
 
 CREATE TABLE "user_session" (

src/auth-tools.ts

@@ -1,4 +1,5 @@
 import jwt from 'jsonwebtoken';
+import uniq from 'lodash/uniq';
 import { User } from './hasura';
 import * as vars from './vars';
 
@@ -23,9 +24,8 @@ export const generateJwtRefreshToken = (payload: any) => {
 export const generateClaimsJwtToken = (user: User, sessionId: string) => {
   const payload = {
     [vars.hasuraGraphqlClaimsKey]: {
-      [`${vars.hasuraHeaderPrefix}allowed-roles`]: user.role,
-      [`${vars.hasuraHeaderPrefix}default-role`]: user.role,
-      [`${vars.hasuraHeaderPrefix}role`]: user.role,
+      [`${vars.hasuraHeaderPrefix}allowed-roles`]: uniq([user.default_role, ...user.user_roles.map(({ role }) => role)]).filter(role => !!role),
+      [`${vars.hasuraHeaderPrefix}default-role`]: user.default_role,
       [`${vars.hasuraHeaderPrefix}user-id`]: user.id.toString(),
       [`${vars.hasuraHeaderPrefix}session-id`]: sessionId,
     },

src/hasura/user-fragment.ts

@@ -7,7 +7,11 @@ export const USER_FRAGMENT = gql`
     password
     is_active
     secret_token
-    role
+    default_role
+    user_roles {
+      id
+      role
+    }
     created_at
     updated_at
   }

src/hasura/user-type.ts

@@ -1,8 +1,14 @@
+interface Role {
+  id: string;
+  role: string;
+}
+
 export interface User {
   id: string;
   email: string;
   is_active: boolean;
-  role: string;
+  default_role: string;
+  user_roles: [Role];
   password: string;
   created_at: Date;
   updated_at: Date;

src/typeDefs.ts

@@ -19,7 +19,7 @@ export const typeDefs = gql`
     email: String!
     is_active: String!
     default_role: String!
-    roles: [Role!]!
+    user_roles: [Role!]!
     created_at: String!
   }