merch-tracker-v2/api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

removed session id from access token

Browse source
This commit is contained in:
nquidox 2025-09-10 19:26:54 +03:00
parent c657a3a7da
commit a8c974994b
2 changed files with 5 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

17
internal/provider/token/service.go
View file

@ -65,7 +65,7 @@ func (j *JWT) CreateRefreshToken(refreshUuid string, expires time.Time) *http.Co
}
}
func (j *JWT) Parse(token string) (string, string, error) {
func (j *JWT) Parse(token string) (string, error) {
if strings.HasPrefix(token, "Bearer ") {
token = strings.TrimPrefix(token, "Bearer ")
}
@ -78,25 +78,16 @@ func (j *JWT) Parse(token string) (string, string, error) {
})
if err != nil {
log.Error(err)
return "", "", err
return "", err
}
if claims, ok := parse.Claims.(jwt.MapClaims); ok && parse.Valid {
userUuid := claims["sub"].(string)
var sessionUuid string
if sid, exists := claims["sid"]; exists {
if tknStr, okay := sid.(string); okay {
sessionUuid = tknStr
} else {
return "", "", fmt.Errorf("invalid type for 'sid' claim")
}
}
return userUuid, sessionUuid, nil
return userUuid, nil
}
return "", "", fmt.Errorf("invalid token")
return "", fmt.Errorf("invalid token")
}
func duration(minutes string) time.Duration {