From 16f2ac36040989190a486b2acf49d3775ddfd107 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Fri, 9 Jun 2023 04:26:50 -0400
Subject: [PATCH] refactor: verify the token is a valid format, then check the db, then validate, and if it fails, delete from the db
---
 service/auth/auth.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/service/auth/auth.go b/service/auth/auth.go
index 1b8cc65..2e8b5f1 100644
--- a/service/auth/auth.go
+++ b/service/auth/auth.go
@@ -168,9 +168,9 @@ func Logout(token string) error {
 }

 func VerifyLoginToken(token string) error {
- _, err := jwt.Verify(jwt.HS256, sharedKey, []byte(token), blocklist)
+ _, err := jwt.Decode([]byte(token))
 if err != nil {
- return err
+ return ErrInvalidToken
 }

 session := model.LoginSession{}
@@ -179,5 +179,11 @@ func VerifyLoginToken(token string) error {
 return ErrInvalidToken
 }

+ _, err = jwt.Verify(jwt.HS256, sharedKey, []byte(token), blocklist)
+ if err != nil {
+ db.Get().Delete(&session)
+ return err
+ }
+
 return nil
 }
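Review bot: The new first step in the first hunk, `jwt.Decode([]byte(token))`, only checks that the token parses, so the session lookup that follows now runs on input whose signature has not yet been checked; before this change `jwt.Verify` gated the database. Any well-formed but unsigned token therefore costs a query, which widens what an unauthenticated caller can make this function do. If the reordering is only there so that stale rows can be cleaned up, consider keeping the signature check first and deleting by token afterwards, or at least document the trust boundary with a comment such as `// Decode is a format check only; nothing in the token is trusted until jwt.Verify below`. The function body continues past this hunk, so the lookup itself is not visible here.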
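Review bot: The failure branch added in the second hunk deletes the session row on any `jwt.Verify` error and discards the result of `db.Get().Delete(&session)`. A failed delete therefore goes unnoticed, and a failure unrelated to the token itself (for example a wrong or rotated `sharedKey`) would remove sessions that are still valid. The branch also returns the raw library error, while both earlier failure paths return `ErrInvalidToken`, so callers see two different error shapes for a rejected token. Consider limiting the delete to the expiry and blocklist cases, checking and logging the delete result, and ending the branch with `return ErrInvalidToken`. The start of the function and the lookup that fills `session` are outside this hunk.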