session id added to claims

2025-09-08 23:58:44 +03:00 · 2025-09-08 23:58:44 +03:00 · 305044a736
commit 305044a736
parent 360d265672
2 changed files with 9 additions and 9 deletions
--- a/internal/provider/token/service.go
+++ b/internal/provider/token/service.go
@ -33,7 +33,7 @@ func NewJWT(deps Deps) *JWT {
 	}
 }

-func (j *JWT) CreateAccessToken(userUuid string) (string, error) {
+func (j *JWT) CreateAccessToken(userUuid, sessionUuid string) (string, error) {
 	now := time.Now()

 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
@ -42,6 +42,7 @@ func (j *JWT) CreateAccessToken(userUuid string) (string, error) {
 		"iss": j.Issuer,
 		"nbf": now.Unix(),
 		"sub": userUuid,
+		"sid": sessionUuid,
 	})

 	signedToken, err := token.SignedString([]byte(j.SecretKey))
@ -56,7 +57,6 @@ func (j *JWT) CreateRefreshToken(refreshUuid string, expires time.Time) *http.Co
 	return &http.Cookie{
 		Name:        "refresh_uuid",
 		Value:       refreshUuid,
-		Path:        "",
 		Expires:     expires,
 		Secure:      true,
 		HttpOnly:    true,
@ -84,16 +84,16 @@ func (j *JWT) Parse(token string) (string, string, error) {
 	if claims, ok := parse.Claims.(jwt.MapClaims); ok && parse.Valid {
 		userUuid := claims["sub"].(string)

-		var refreshUuid string
-		if tkn, exists := claims["tkn"]; exists {
-			if tknStr, okay := tkn.(string); okay {
-				refreshUuid = tknStr
+		var sessionUuid string
+		if sid, exists := claims["sid"]; exists {
+			if tknStr, okay := sid.(string); okay {
+				sessionUuid = tknStr
 			} else {
-				return "", "", fmt.Errorf("invalid type for 'tkn' claim")
+				return "", "", fmt.Errorf("invalid type for 'sid' claim")
 			}
 		}

-		return userUuid, refreshUuid, nil
+		return userUuid, sessionUuid, nil
 	}

 	return "", "", fmt.Errorf("invalid token")