From 8bcc2bd715778ef093bb640ab162b9eec4fe1809 Mon Sep 17 00:00:00 2001 From: Jianwei Zhang Date: Wed, 19 Jul 2023 08:45:30 +0800 Subject: [PATCH] fix: access token will expired after 24h (#1988) --- api/v1/jwt.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/api/v1/jwt.go b/api/v1/jwt.go index d45211fb..0a4bc18a 100644 --- a/api/v1/jwt.go +++ b/api/v1/jwt.go @@ -112,14 +112,6 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"]) }) - if !accessToken.Valid { - auth.RemoveTokensAndCookies(c) - return echo.NewHTTPError(http.StatusUnauthorized, "Invalid access token.") - } - if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) { - return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName)) - } - generateToken := time.Until(claims.ExpiresAt.Time) < auth.RefreshThresholdDuration if err != nil { var ve *jwt.ValidationError @@ -135,6 +127,10 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e } } + if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) { + return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName)) + } + // We either have a valid access token or we will attempt to generate new access token and refresh token ctx := c.Request().Context() userID, err := strconv.Atoi(claims.Subject)