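package handlers

import (
	"time"

	"git.jamestombleson.com/jtom38/newsbot-portal/apiclient"
	"git.jamestombleson.com/jtom38/newsbot-portal/internal/domain"
	"github.com/golang-jwt/jwt/v5"
	"github.com/labstack/echo/v4"
)

// ValidateJwtMiddleware returns Echo middleware that authenticates a request
// from the JWT stored in the domain.CookieToken cookie.
//
// jwtSecret is the shared secret used to verify the token signature. The next
// handler runs only when the cookie is present, the signature verifies with
// an HMAC algorithm, and the token's Exp claim is still in the future. Every
// authentication failure is reported as HTTP 401 with a generic message; the
// underlying parser error is attached as the internal error so it is
// available to the server's error handling without being sent to the client.
//
// NOTE(review): the issuer claim is not checked here (the original carried a
// commented-out issuer comparison). Confirm whether tokens minted by other
// services sharing this secret must be rejected.
func ValidateJwtMiddleware(jwtSecret string) echo.MiddlewareFunc {
	key := []byte(jwtSecret)

	// Pin verification to the HMAC family. The key is a shared secret, so a
	// token whose header names any other algorithm is rejected by the parser
	// before the key is used.
	allowedAlgs := []string{
		jwt.SigningMethodHS256.Alg(),
		jwt.SigningMethodHS384.Alg(),
		jwt.SigningMethodHS512.Alg(),
	}

	keyFunc := func(*jwt.Token) (interface{}, error) {
		return key, nil
	}

	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			// Fail closed: an empty secret would make every signature
			// trivially forgeable, so treat it as a server misconfiguration.
			if len(key) == 0 {
				return echo.NewHTTPError(500, "JWT validation is not configured.")
			}

			// A missing cookie is an authentication failure, not a server
			// error, so it maps to 401 like an empty value does.
			cookie, err := c.Cookie(domain.CookieToken)
			if err != nil || cookie.Value == "" {
				return echo.NewHTTPError(401, "Authorization token is missing.")
			}

			token, err := jwt.ParseWithClaims(
				cookie.Value,
				&jwtToken{},
				keyFunc,
				jwt.WithValidMethods(allowedAlgs),
			)
			if err != nil {
				// Keep parser details out of the response body.
				return echo.NewHTTPError(401, "Invalid authorization token.").SetInternal(err)
			}
			if !token.Valid {
				return echo.NewHTTPError(401, "Invalid authorization token.")
			}

			// jwtToken is declared elsewhere in this package; only its Exp
			// field is read here. The checked assertion avoids a panic if the
			// parser ever hands back a different claims type.
			claims, ok := token.Claims.(*jwtToken)
			if !ok {
				return echo.NewHTTPError(401, "Invalid authorization token.")
			}
			if !claims.Exp.After(time.Now()) {
				return echo.NewHTTPError(401, "Your Authorization token has expired.")
			}

			return next(c)
		}
	}
}

// RefreshJwtMiddleware returns Echo middleware that asks the API for a fresh
// token pair on each request and, when that succeeds, stores the new access
// and refresh tokens in the domain.CookieToken and domain.CookieRefreshToken
// cookies with path "/".
//
// The refresh is best effort: when the API call fails the request continues
// with whatever cookies it already carries, and the error is dropped.
//
// NOTE(review): SetCookie is defined elsewhere in this package. Confirm that
// it marks these cookies HttpOnly and Secure and sets a SameSite policy,
// since both values are bearer credentials.
func RefreshJwtMiddleware(api apiclient.ApiClient) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			resp, err := api.Users.RefreshJwtTokenFromContext(c)
			if err != nil {
				// Deliberately non-fatal: leave authentication decisions to
				// the validating middleware.
				return next(c)
			}

			SetCookie(c, domain.CookieToken, resp.Token, "/")
			SetCookie(c, domain.CookieRefreshToken, resp.RefreshToken, "/")
			return next(c)
		}
	}
}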