Add Zitadel user roles (#145)

* Add Zitadel user roles

* Code review fixes

src/utils/zitadel.ts

@@ -3,15 +3,42 @@ import {Utils} from './utils';
 import axios from 'axios';
 import axiosRetry from 'axios-retry';
 
+enum ZitadelUserRole {
+    Creator = 'creator',
+    Admin = 'admin',
+    Viewer = 'viewer',
+}
+
 type IntrospectionResult = {
     active: boolean;
     userId?: string;
     username?: string;
+    role?: ZitadelUserRole;
 };
 
 const axiosInstance = axios.create();
 axiosRetry(axiosInstance, {retries: 3});
 
+const getRole = (data: any): ZitadelUserRole => {
+    const scope = 'urn:zitadel:iam:org:project:roles';
+
+    const roles = data[scope];
+
+    if (!roles) {
+        return ZitadelUserRole.Viewer;
+    }
+
+    if (roles['admin']) {
+        return ZitadelUserRole.Admin;
+    }
+
+    if (roles['creator']) {
+        return ZitadelUserRole.Creator;
+    }
+
+    return ZitadelUserRole.Viewer;
+};
+
 export const introspect = async (ctx: AppContext, token?: string): Promise<IntrospectionResult> => {
     ctx.log('Token introspection');
 
@@ -47,7 +74,10 @@ export const introspect = async (ctx: AppContext, token?: string): Promise<Intro
         ctx.log(`Token introspected successfully within: ${Utils.getDuration(hrStart)} ms`);
 
         const {active, username, sub} = response.data;
-        return {active: Boolean(active), userId: sub, username};
+
+        const role = getRole(response.data);
+
+        return {active: Boolean(active), userId: sub, username, role};
     } catch (e) {
         ctx.logError('Failed to introspect token', e);
         return {active: false};