fix: access token will expired after 24h (#1988)

8bcc2bd7 · Jianwei Zhang · GitHub · 83b771d5 · 8bcc2bd7
Unverified Commit 8bcc2bd7 authored Jul 19, 2023 by Jianwei Zhang Committed by GitHub Jul 19, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 8 deletions

jwt.go api/v1/jwt.go +4 -8

No files found.
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@@ -112,14 +112,6 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
 		})

-		if !accessToken.Valid {
-			auth.RemoveTokensAndCookies(c)
-			return echo.NewHTTPError(http.StatusUnauthorized, "Invalid access token.")
-		}
-		if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
-			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName))
-		}
-
 		generateToken := time.Until(claims.ExpiresAt.Time) < auth.RefreshThresholdDuration
 		if err != nil {
 			var ve *jwt.ValidationError
@@ -135,6 +127,10 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 			}
 		}

+		if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
+			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName))
+		}
+
 		// We either have a valid access token or we will attempt to generate new access token and refresh token
 		ctx := c.Request().Context()
 		userID, err := strconv.Atoi(claims.Subject)