refactor: verify the token is a valid format, then check the db, then validate, and if it fails, delete from the db

2023-06-09 04:26:50 -04:00 · 2023-06-09 04:26:50 -04:00 · 16f2ac3604
parent f941ee46d4
commit 16f2ac3604
1 changed files with 8 additions and 2 deletions
--- a/service/auth/auth.go
+++ b/service/auth/auth.go
@ -168,9 +168,9 @@ func Logout(token string) error {
 }

 func VerifyLoginToken(token string) error {
-	_, err := jwt.Verify(jwt.HS256, sharedKey, []byte(token), blocklist)
+	_, err := jwt.Decode([]byte(token))
 	if err != nil {
-		return err
+		return ErrInvalidToken
 	}

 	session := model.LoginSession{}
@ -179,5 +179,11 @@ func VerifyLoginToken(token string) error {
 		return ErrInvalidToken
 	}

+	_, err = jwt.Verify(jwt.HS256, sharedKey, []byte(token), blocklist)
+	if err != nil {
+		db.Get().Delete(&session)
+		return err
+	}
+
 	return nil
 }