M sdbapi/auth/auth.go => sdbapi/auth/auth.go +6 -1
@@ 37,7 37,7 @@ func NewJWTToken(username string, email string) (token string, err error) {
return
}
-func ValidateJWTToken(userToken string) (err error) {
+func ValidateJWTToken(userToken string) (claims *JWTClaims, err error) {
token, err := jwt.ParseWithClaims(
userToken,
&JWTClaims{},
@@ 50,6 50,11 @@ func ValidateJWTToken(userToken string) (err error) {
return
}
+ if !token.Valid {
+ err = errors.New("token not valid")
+ return
+ }
+
claims, ok := token.Claims.(*JWTClaims)
if !ok {
err = errors.New("could not parse JWT claims")
M sdbapi/handlers/gamecreate.go => sdbapi/handlers/gamecreate.go +6 -20
@@ 10,39 10,25 @@ package handlers
import (
"api/apierror"
- "api/auth"
"api/db"
"api/models"
"net/http"
"github.com/gin-gonic/gin"
- "github.com/golang-jwt/jwt/v4"
)
func CreateGame(c *gin.Context) {
// Auth should match a registered user
- tokenString := c.Request.Header.Get("Authorization")
- token, _ := jwt.ParseWithClaims(tokenString, &auth.JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
- return []byte(auth.JWTSecret), nil
- })
-
+ // NOTE: Technically auth should always match a registered user, but just in-case.
var p1 models.User
- if claims, ok := token.Claims.(*auth.JWTClaims); ok && token.Valid {
- // Check if the email in the claims matches a user in the database
- // NOTE: Technically we should never end up here, but just in-case.
- user, err := db.GetUserByEmail(claims.Email)
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- } else {
- p1 = user
- }
- } else {
- c.JSON(http.StatusNotFound, gin.H{"error": apierror.Placeholder})
+ user, err := db.GetUserByEmail(c.GetString("email"))
+ if err != nil {
+ c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
c.Abort()
return
+ } else {
+ p1 = user
}
var game models.Game
M sdbapi/handlers/gameinfo.go => sdbapi/handlers/gameinfo.go +4 -18
@@ 10,13 10,11 @@ package handlers
import (
"api/apierror"
- "api/auth"
"api/db"
"api/models"
"net/http"
"github.com/gin-gonic/gin"
- "github.com/golang-jwt/jwt/v4"
)
func GameInfo(c *gin.Context) {
@@ 32,22 30,10 @@ func GameInfo(c *gin.Context) {
}
// Auth should match a registered user
- tokenString := c.Request.Header.Get("Authorization")
- token, _ := jwt.ParseWithClaims(tokenString, &auth.JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
- return []byte(auth.JWTSecret), nil
- })
-
- if claims, ok := token.Claims.(*auth.JWTClaims); ok && token.Valid {
- // Check if the email in the claims matches a user in the database
- // NOTE: Technically we should never end up here, but just in-case.
- _, err := db.GetUserByEmail(claims.Email)
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- }
- } else {
- c.JSON(http.StatusNotFound, gin.H{"error": apierror.Placeholder})
+ // NOTE: Technically auth should always match a registered user, but just in-case.
+ _, err := db.GetUserByEmail(c.GetString("email"))
+ if err != nil {
+ c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
c.Abort()
return
}
M sdbapi/middlewares/auth.go => sdbapi/middlewares/auth.go +4 -1
@@ 28,7 28,7 @@ func Auth() gin.HandlerFunc {
}
// check if the token is valid
- err := auth.ValidateJWTToken(token)
+ claims, err := auth.ValidateJWTToken(token)
if err != nil {
// something is wrong with the token, error out
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
@@ 36,6 36,9 @@ func Auth() gin.HandlerFunc {
return
}
+ // save the email so we can use it for fetching the user from the database in the handlers
+ c.Set("email", claims.Email)
+
// continue to the next handler
c.Next()
}