schreifuchs/ng-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added comments

Browse Source
This commit is contained in:
u80864958
2025-05-02 10:39:35 +02:00
parent fb7d5a623a
commit 14b57b57e8
16 changed files with 73 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/internal/auth/jwt.go
View File

@ -3,7 +3,6 @@ package auth
import (
"errors"
"fmt"
"log"
"net/http"
"strings"
"time"
@ -28,6 +27,7 @@ func (s *Service) createJWT(user *model.User) (token string, err error) {
return jwt.NewWithClaims(jwt.SigningMethodHS512, claims).SignedString([]byte(s.cfg.Secret))
}
// validateJWT returns the token Claims and if token ist invalid ErrJWTInvalid
func (s *Service) validateJWT(tokenString string) (claims Claims, err error) {
_, err = jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (any, error) {
// Don't forget to validate the alg is what you expect:
@ -40,12 +40,13 @@ func (s *Service) validateJWT(tokenString string) (claims Claims, err error) {
if err != nil {
return
}
log.Println(claims)
if claims.ExpiresAt.Before(time.Now()) {
err = ErrJWTInvalid
return
}
// check if user has logged out this token
var invalidated bool
err = s.db.Model(&model.InvalidJWT{}).
Select("count(*) > 0").
@ -60,6 +61,7 @@ func (s *Service) validateJWT(tokenString string) (claims Claims, err error) {
return
}
// extractToken extracts the Bearer token from the request
func extractToken(r *http.Request) (token string, err error) {
tokenHeader := r.Header.Get("Authorization") // Grab the token from the header