update go-chi and chi/jwtauth to v5

2021-09-08 23:45:06 +02:00 · 2021-09-08 23:45:06 +02:00 · f7b222b7f3
commit f7b222b7f3
parent 72fd12d0c4
13 changed files with 646 additions and 102 deletions
--- a/auth/jwt/authenticator.go
+++ b/auth/jwt/authenticator.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/go-chi/jwtauth"
+	"github.com/go-chi/jwtauth/v5"
 	"github.com/go-chi/render"

 	"github.com/dhax/go-base/logging"
@ -32,7 +32,7 @@ func RefreshTokenFromCtx(ctx context.Context) string {
 // response for any unverified tokens and passes the good ones through.
 func Authenticator(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		token, claims, err := jwtauth.FromContext(r.Context())
+		_, claims, err := jwtauth.FromContext(r.Context())

 		if err != nil {
 			logging.GetLogEntry(r).Warn(err)
@ -40,11 +40,6 @@ func Authenticator(next http.Handler) http.Handler {
 			return
 		}

-		if !token.Valid {
-			render.Render(w, r, ErrUnauthorized(ErrTokenExpired))
-			return
-		}
-
 		// Token is authenticated, parse claims
 		var c AppClaims
 		err = c.ParseClaims(claims)
@ -63,16 +58,12 @@ func Authenticator(next http.Handler) http.Handler {
 // AuthenticateRefreshJWT checks validity of refresh tokens and is only used for access token refresh and logout requests. It responds with 401 Unauthorized for invalid or expired refresh tokens.
 func AuthenticateRefreshJWT(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		token, claims, err := jwtauth.FromContext(r.Context())
+		_, claims, err := jwtauth.FromContext(r.Context())
 		if err != nil {
 			logging.GetLogEntry(r).Warn(err)
 			render.Render(w, r, ErrUnauthorized(ErrTokenUnauthorized))
 			return
 		}
-		if !token.Valid {
-			render.Render(w, r, ErrUnauthorized(ErrTokenExpired))
-			return
-		}

 		// Token is authenticated, parse refresh token string
 		var c RefreshClaims