added user roles account creation

server/auth.js

@@ -16,7 +16,8 @@ function generateToken(user) {
         email: user.email,
         username: user.username,
         display_name: user.display_name,
-        auth_provider: user.auth_provider
+        auth_provider: user.auth_provider,
+        role: user.role
     };
 
     const token = jwt.sign(payload, JWT_SECRET, {expiresIn: JWT_EXPIRATION});

server/db.js

@@ -61,6 +61,7 @@ async function initDb() {
                 display_name TEXT,
                 auth_provider TEXT DEFAULT 'local',
                 entra_id TEXT,
+                role TEXT,
                 created_at DATETIME DEFAULT CURRENT_TIMESTAMP
             )
         `);
@@ -211,11 +212,12 @@ function searchArticles(query) {
  * @param {string} display_name - The name that will be desplayed when an article is created or updated
  * @param {string} authProvider - the source of the authentication: 'local' or 'entra'
  * @param {string} entraId - The ID number for the associated entra account, can be null if auth provider is local
+ * @param {string} role - The user's role permissions (Admin / Editor / User)
  * @returns {Object} - The user object of the newly created user
  */
-function createUser(username, email, passHash, display_name, authProvider = 'local', entraId = null) {
+function createUser(username, email, passHash, display_name, authProvider = 'local', entraId = null, role = 'User') {
-    db.run("INSERT INTO users (username, email, pass_hash, display_name, auth_provider, entra_id) VALUES (?, ?, ?, ?, ?, ?)",
+    db.run("INSERT INTO users (username, email, pass_hash, display_name, auth_provider, entra_id, role) VALUES (?, ?, ?, ?, ?, ?, ?)",
-        [username, email, passHash, display_name, authProvider, entraId]
+        [username, email, passHash, display_name, authProvider, entraId, role]
     )
 
     // Saving DB with newly created record

server/server.js

@@ -149,6 +149,7 @@ initDb().then(() => {
                     email: newUser.email,
                     display_name: newUser.display_name,
                     auth_provider: newUser.auth_provider,
+                    role: user.role,
                     created_at: newUser.created_at
                 },
                 token
@@ -188,6 +189,7 @@ initDb().then(() => {
                     email: user.email,
                     display_name: user.display_name,
                     auth_provider: user.auth_provider,
+                    role: user.role,
                     created_at: user.created_at
                 },
                 token
@@ -217,6 +219,13 @@ initDb().then(() => {
                 return res.status(401).json({error: 'Invalid Microsoft token'});
             }
 
+            const decoded = jwt.decode(accessToken);
+            const roles = decoded.roles || {};
+            let userRole = 'User';
+
+            if (roles.includes('Admin')) userRole = 'Admin';
+            else if (roles.includes('Editor')) userRole = 'Editor';
+
             const msUser = await graphResponse.json();
 
             // Check if user exists in our database
@@ -230,7 +239,8 @@ initDb().then(() => {
                     null,
                     msUser.displayName,
                     'entra',
-                    msUser.id
+                    msUser.id,
+                    userRole
                 );
             } else if (user.auth_provider === 'local') {
                 return res.status(400).json({
@@ -238,7 +248,6 @@ initDb().then(() => {
                 });
             }
 
-            // Generate our JWT token
             const token = generateToken(user);
 
             return res.status(200).json({
@@ -248,6 +257,7 @@ initDb().then(() => {
                     email: user.email,
                     display_name: user.display_name,
                     auth_provider: user.auth_provider,
+                    role: user.role,
                     created_at: user.created_at
                 },
                 token