I try to set up a Golang auth middleware to extract user id from the authorization header which works as expected. but I’d like to know how to set up policies on the users instead of token/key.
for example, one user specified by user id can only access an API in an hour?
thanks for helping