refactor: if the token doesn't match our purpose only error if EmptyAllowed is off

2024-03-20 13:52:25 -04:00 · 2024-03-20 13:52:25 -04:00 · b1fcc7f7ae
parent b6c92a6348
commit b1fcc7f7ae
1 changed files with 3 additions and 1 deletions
--- a/api/middleware/middleware.go
+++ b/api/middleware/middleware.go
@ -129,7 +129,9 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
 				aud, _ := claim.GetAudience()

 				if options.Purpose != account.JWTPurposeNone && slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {
-					return account.ErrJWTInvalid
+					if !options.EmptyAllowed {
+						return account.ErrJWTInvalid
+					}
 				}

 				return nil