added fetching of role_id

handlers/jwt.go

@@ -52,6 +52,10 @@ func GenerateTokens(email, userAgent, ipAddress string) (string, string, error)
 		userID = helper.UUIDGenerator()
 	}
 
+	roleID, err := services.GetRoleIDFromEmail(email)
+	if err != nil {
+		return "", "", fmt.Errorf("error checking role in database: %w", err)
+	}
 	sessionID := helper.UUIDGenerator()
 
 	refreshToken, err := generateSecureToken()
@@ -107,7 +111,7 @@ func GenerateTokens(email, userAgent, ipAddress string) (string, string, error)
 		}
 	}
 
-	accessToken, err := generateAccessToken(email, sessionID, userID)
+	accessToken, err := generateAccessToken(email, sessionID, userID, roleID)
 	if err != nil {
 		return "", "", fmt.Errorf(errFormatWithContext, errMsgFailedToGenerateAccessToken, err)
 	}
@@ -116,7 +120,7 @@ func GenerateTokens(email, userAgent, ipAddress string) (string, string, error)
 	return accessToken, refreshToken, nil
 }
 
-func generateAccessToken(email, sessionID, userID string) (string, error) {
+func generateAccessToken(email, sessionID, userID, roleID string) (string, error) {
 	AccessTokenExpiration := os.Getenv("ACCESS_TOKEN_EXPIRATION_MINUTES")
 	if AccessTokenExpiration == "" {
 		log.Println("AccessTokenExpiration not set (in minutes), defaulting to 45 minutes")
@@ -128,6 +132,7 @@ func generateAccessToken(email, sessionID, userID string) (string, error) {
 	claims := &models.AccessToken{
 		Email:     email,
 		UserID:    userID,
+		RoleID:    roleID,
 		SessionID: sessionID,
 		Exp:       expirationTime,
 		RegisteredClaims: jwt.RegisteredClaims{
@@ -269,7 +274,13 @@ func RefreshAccessToken(refreshTokenString, userAgent, ipAddress string) (string
 		userID = session.UserID // Fallback to session's user ID
 	}
 
-	accessToken, err := generateAccessToken(email, session.ID, userID)
+	roleID, err := services.GetRoleIDFromEmail(email)
+	if err != nil {
+		helper.LogError(err, fmt.Sprintf("Failed to fetch role ID for email %s during refresh", email))
+		roleID = ""
+	}
+
+	accessToken, err := generateAccessToken(email, session.ID, userID, roleID)
 	if err != nil {
 		helper.LogError(err, "Failed to generate access token during refresh")
 		return "", fmt.Errorf("failed to generate access token: %w", err)
@@ -414,7 +425,13 @@ func RefreshAccessTokenWithEmailFallback(refreshTokenString, userAgent, ipAddres
 		userID = session.UserID // Fallback to session's user ID
 	}
 
-	accessToken, err := generateAccessToken(email, session.ID, userID)
+	roleID, err := services.GetRoleIDFromEmail(email)
+	if err != nil {
+		helper.LogError(err, fmt.Sprintf("Failed to fetch role ID for email %s during refresh", email))
+		roleID = ""
+	}
+
+	accessToken, err := generateAccessToken(email, session.ID, userID, roleID)
 	if err != nil {
 		helper.LogError(err, "Failed to generate access token during refresh")
 		return "", fmt.Errorf("failed to generate access token: %w", err)

models/jwt.go

@@ -9,6 +9,7 @@ import (
 type AccessToken struct {
 	Email     string `json:"email"`
 	UserID    string `json:"user_id"`
+	RoleID    string `json:"role_id"`
 	SessionID string `json:"session_id"`
 	Exp       int64  `json:"exp"`
 	jwt.RegisteredClaims

services/users.go

@@ -64,3 +64,24 @@ func GetUserIDFromEmail(email string) (string, error) {
 
 	return id, nil
 }
+
+func GetRoleIDFromEmail(email string) (string, error) {
+	log.Print(email)
+	query := `SELECT role_id
+				FROM (
+					SELECT r.id AS role_id, 1 AS priority
+					FROM roles r
+					JOIN users u ON u.role_id = r.id
+					WHERE u.email_address = ?
+					AND u.is_deleted = 0
+				) t
+				ORDER BY priority ASC
+				LIMIT 1;
+						`
+	var roleID string
+	err := db.DB.QueryRow(query, email).Scan(&roleID)
+	if err != nil {
+		return "", err
+	}
+	return roleID, nil
+}