diff --git a/src/middlewares/role.ts b/src/middlewares/role.ts
new file mode 100644
index 00000000..f6e6da9d
--- /dev/null
+++ b/src/middlewares/role.ts
@@ -0,0 +1,13 @@
+import * as express from "express";
+import HttpError from "../interfaces/http-error";
+import HttpStatus from "../interfaces/http-status";
+import { RequestWithUser } from "./user";
+
+export function authRole(role: string) {
+ return (req: RequestWithUser, _res: express.Response, next: express.NextFunction) => {
+ if (!req.user.role.includes(role)) {
+ throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงทรัพยากรดังกล่าว");
+ }
+ next();
+ };
+}
diff --git a/src/middlewares/user.ts b/src/middlewares/user.ts
new file mode 100644
index 00000000..12c5d597
--- /dev/null
+++ b/src/middlewares/user.ts
@@ -0,0 +1,12 @@
+import type { Request } from "express";
+
+export type RequestWithUser = Request & {
+ user: {
+ name: string;
+ given_name: string;
+ familiy_name: string;
+ preferred_username: string;
+ email: string;
+ role: string[];
+ };
+};
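Review bot: The role check in `authRole` trusts that `req.user.role` is an array at runtime, but `RequestWithUser` is only a compile-time type and nothing in this hunk verifies it. If `req.user` is missing, the property access throws a TypeError, which would likely surface as a 500 rather than the intended 403. If `role` arrives as a single string (possible if it is copied straight from token claims; confirm against the code that populates `req.user`), `includes` becomes a substring match, so any role value containing the required name would pass. Guarding the shape keeps the decision fail-closed and explicit: `if (!Array.isArray(req.user?.role) || !req.user.role.includes(role)) {`.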
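Review bot: `familiy_name` in `RequestWithUser` is misspelled. The neighbouring fields (`given_name`, `preferred_username`) follow OIDC claim names, where the claim is `family_name`, so if `req.user` is filled from token claims this property would be undefined at runtime while the type promises a string. Change the line to `family_name: string;`. Separately, `user` is declared as always present, so the compiler will not require handlers to check that authentication ran. Consider `user?:`, or a comment on the field such as `// populated by the authentication middleware; routes using this type must be mounted after it`.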