ADD: added new auth middleware and changed the roles value ind the jwt token to a array

backend/internal/auth/jwt.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
@@ -10,38 +11,39 @@ import (
 var jwtSecret = []byte("supersecret")
 
 type Claims struct {
-	UserID string
-	Email  string
-	Role   string
+	UserID string   `json:"userId"`
+	Email  string   `json:"email"`
+	Role   []string `json:"role"`
+	jwt.RegisteredClaims
 }
 
-func CreateJWT(userID, email, role string, duration time.Duration) (string, error) {
+func CreateJWT(userID string, email string, role []string, duration time.Duration) (string, error) {
 	claims := jwt.MapClaims{
 		"userId": userID,
 		"email":  email,
 		"role":   role,
 		"exp":    time.Now().Add(duration).Unix(),
 	}
-
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	return token.SignedString(jwtSecret)
 }
 
-func ParseJWT(tokenStr string) (*Claims, error) {
-	token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
+func ParseJWT(tokenString string) (*Claims, error) {
+
+	claims := &Claims{}
+	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+		// Algorithmus Check (Sicherheit)
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unerwartete Signing-Methode: %v", token.Header["alg"])
+		}
 		return jwtSecret, nil
 	})
+
+	// C. Validierung
 	if err != nil || !token.Valid {
+
 		return nil, errors.New("invalid token")
 	}
-	claims, ok := token.Claims.(jwt.MapClaims)
-	if !ok {
-		return nil, errors.New("invalid claims")
-	}
 
-	return &Claims{
-		UserID: claims["userId"].(string),
-		Email:  claims["email"].(string),
-		Role:   claims["role"].(string),
-	}, nil
+	return claims, nil
 }