fix: add role limit

middleware/auth.go

@@ -1,14 +1,16 @@
 package middleware
 
 import (
-	"fmt"
-	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt/v4"
+	"encoding/json"
 	"nCovTrack-Backend/global"
+	"nCovTrack-Backend/models"
 	"nCovTrack-Backend/utils"
 	"net/http"
 	"strconv"
 	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v4"
 )
 
 const UNAUTH_MSG = "unauthorized"
@@ -24,10 +26,15 @@ func Auth() gin.HandlerFunc {
 		}
 		// Write the field of token to request header
 		claims := utils.ParseClaims(oldToken[0])
-		c.Request.Header.Set("role", fmt.Sprint(claims["role"]))
-		c.Request.Header.Set("email", claims["email"].(string))
-		c.Request.Header.Set("id", fmt.Sprint(claims["id"]))
-		c.Request.Header.Set("role", claims["role"].(string))
+		tokenClaims := models.TokenClaims{
+			ID:       int(claims["id"].(float64)),
+			Username: claims["username"].(string),
+			Email:    claims["email"].(string),
+			Role:     int(claims["role"].(float64)),
+			Region:   claims["region"].(string),
+		}
+		claimsByte, _ := json.Marshal(tokenClaims)
+		c.Request.Header.Add("claims", string(claimsByte))
 
 		// renew token, and judge the token's iat is expired or not
 		renewToken := utils.RenewToken(oldToken[0])

middleware/cors.go

@@ -13,7 +13,7 @@ func Cors() gin.HandlerFunc {
 		c.Header("Access-Control-Allow-Origin", origin)
 		c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
 		c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
-		c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type")
+		c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, X-Token, Access-Control-Allow-Headers, Content-Type")
 		c.Header("Access-Control-Allow-Credentials", "true")
 
 		if method == "OPTIONS" {