feat(spot): check different jwt iat for different tokens

2024-09-03 17:32:34 +02:00 · 2024-09-03 17:32:34 +02:00 · 1c1e6beb41
commit 1c1e6beb41
parent e7a0ca843f
2 changed files with 7 additions and 4 deletions
--- a/backend/pkg/spot/auth/authorizer.go
+++ b/backend/pkg/spot/auth/authorizer.go
@ -9,5 +9,5 @@ func (a *authImpl) IsAuthorized(authHeader string, permissions []string, isExten
 	if err != nil {
 		return nil, err
 	}
-	return authUser(a.pgconn, jwtInfo.UserId, jwtInfo.TenantID, int(jwtInfo.ExpiresAt.Unix()))
+	return authUser(a.pgconn, jwtInfo.UserId, jwtInfo.TenantID, int(jwtInfo.IssuedAt.Unix()), isExtension)
 }
--- a/backend/pkg/spot/auth/storage.go
+++ b/backend/pkg/spot/auth/storage.go
@ -3,21 +3,24 @@ package auth
 import (
 	"fmt"
 	"openreplay/backend/pkg/db/postgres/pool"
+	"strings"
 )

-func authUser(conn pool.Pool, userID, tenantID, jwtIAT int) (*User, error) {
+func authUser(conn pool.Pool, userID, tenantID, jwtIAT int, isExtension bool) (*User, error) {
 	sql := `
 		SELECT user_id, name, email, EXTRACT(epoch FROM spot_jwt_iat)::BIGINT AS spot_jwt_iat
 	   	FROM public.users
 	   	WHERE user_id = $1 AND deleted_at IS NULL
 	   	LIMIT 1;`
-
+	if !isExtension {
+		sql = strings.ReplaceAll(sql, "spot_jwt_iat", "jwt_iat")
+	}
 	user := &User{TenantID: 1, AuthMethod: "jwt"}
 	if err := conn.QueryRow(sql, userID).Scan(&user.ID, &user.Name, &user.Email, &user.JwtIat); err != nil {
 		return nil, fmt.Errorf("user not found")
 	}
 	if user.JwtIat == 0 || abs(jwtIAT-user.JwtIat) > 1 {
-		return nil, fmt.Errorf("token expired")
+		return nil, fmt.Errorf("token has been updated")
 	}
 	return user, nil
 }