authorizerdev
diff --git a/‎.env.sample‎
Lines changed: 3 additions & 2 deletions b/‎.env.sample‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎app/build/bundle.js‎
Lines changed: 2 additions & 2 deletions b/‎app/build/bundle.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎app/build/bundle.js.map‎
Lines changed: 1 addition & 1 deletion b/‎app/build/bundle.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/package-lock.json‎
Lines changed: 15 additions & 15 deletions b/‎app/package-lock.json‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎app/package.json‎
Lines changed: 1 addition & 1 deletion b/‎app/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/constants/constants.go‎
Lines changed: 4 additions & 3 deletions b/‎server/constants/constants.go‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎server/env.go‎
Lines changed: 27 additions & 10 deletions b/‎server/env.go‎
Lines changed: 27 additions & 10 deletions
diff --git a/‎server/graph/generated/generated.go‎
Lines changed: 59 additions & 23 deletions b/‎server/graph/generated/generated.go‎
Lines changed: 59 additions & 23 deletions
diff --git a/‎server/graph/model/models_gen.go‎
Lines changed: 10 additions & 10 deletions b/‎server/graph/model/models_gen.go‎
Lines changed: 10 additions & 10 deletions
@@ -5,6 +5,7 @@ ADMIN_SECRET=admin
 DISABLE_EMAIL_VERIFICATION=true
 JWT_SECRET=random_string
 JWT_TYPE=HS256
-ROLES=user,admin
-DEFAULT_ROLE=user
+ROLES=user
+DEFAULT_ROLES=user
+PROTECTED_ROLES=admin
 JWT_ROLE_CLAIM=role
@@ -10,7 +10,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^0.1.0-beta.18",
+		"@authorizerdev/authorizer-react": "^0.1.0-beta.19",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
 
@@ -23,9 +23,10 @@ var (
 	DISABLE_BASIC_AUTHENTICATION = "false"
 
 	// ROLES
-	ROLES          = []string{}
-	DEFAULT_ROLE   = ""
-	JWT_ROLE_CLAIM = "role"
+	ROLES           = []string{}
+	PROTECTED_ROLES = []string{}
+	DEFAULT_ROLES   = []string{}
+	JWT_ROLE_CLAIM  = "role"
 
 	// OAuth login
 	GOOGLE_CLIENT_ID       = ""
 
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/joho/godotenv"
 )
 
@@ -63,7 +64,6 @@ func InitEnv() {
 	constants.RESET_PASSWORD_URL = strings.TrimPrefix(os.Getenv("RESET_PASSWORD_URL"), "/")
 	constants.DISABLE_BASIC_AUTHENTICATION = os.Getenv("DISABLE_BASIC_AUTHENTICATION")
 	constants.DISABLE_EMAIL_VERIFICATION = os.Getenv("DISABLE_EMAIL_VERIFICATION")
-	constants.DEFAULT_ROLE = os.Getenv("DEFAULT_ROLE")
 	constants.JWT_ROLE_CLAIM = os.Getenv("JWT_ROLE_CLAIM")
 
 	if constants.ADMIN_SECRET == "" {
@@ -136,28 +136,45 @@ func InitEnv() {
 
 	rolesSplit := strings.Split(os.Getenv("ROLES"), ",")
 	roles := []string{}
-	defaultRole := ""
+	if len(rolesSplit) == 0 {
+		roles = []string{"user"}
+	}
+
+	defaultRoleSplit := strings.Split(os.Getenv("DEFAULT_ROLES"), ",")
+	defaultRoles := []string{}
+
+	if len(defaultRoleSplit) == 0 {
+		defaultRoles = []string{"user"}
+	}
+
+	protectedRolesSplit := strings.Split(os.Getenv("PROTECTED_ROLES"), ",")
+	protectedRoles := []string{}
+
+	if len(protectedRolesSplit) > 0 {
+		for _, val := range protectedRolesSplit {
+			trimVal := strings.TrimSpace(val)
+			protectedRoles = append(protectedRoles, trimVal)
+		}
+	}
 
 	for _, val := range rolesSplit {
 		trimVal := strings.TrimSpace(val)
 		if trimVal != "" {
 			roles = append(roles, trimVal)
 		}
 
-		if trimVal == constants.DEFAULT_ROLE {
-			defaultRole = trimVal
+		if utils.StringContains(defaultRoleSplit, trimVal) {
+			defaultRoles = append(defaultRoles, trimVal)
 		}
 	}
-	if len(roles) > 0 && defaultRole == "" {
-		panic(`Invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
-	}
 
-	if len(roles) == 0 {
-		roles = []string{"user", "admin"}
-		constants.DEFAULT_ROLE = "user"
+	if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRoleSplit) > 0 {
+		panic(`Invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
 	}
 
 	constants.ROLES = roles
+	constants.DEFAULT_ROLES = defaultRoles
+	constants.PROTECTED_ROLES = protectedRoles
 
 	if constants.JWT_ROLE_CLAIM == "" {
 		constants.JWT_ROLE_CLAIM = "role"