Modify jwt middleware logic

Signed-off-by: Asai Neko <sugar@sne.moe>
2026-01-02 12:36:07 +08:00
parent 3d685b5a86
commit cbec9bf2b3
7 changed files with 85 additions and 50 deletions
--- a/internal/cryptography/token.go
+++ b/internal/cryptography/token.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
+	"errors"
 	"fmt"
 	"nixcn-cms/data"
+	"strings"
 	"time"

 	"github.com/golang-jwt/jwt/v5"
@@ -187,3 +189,34 @@ func (self *Token) RevokeRefreshToken(refreshToken string) error {

 	return err
 }
+
+func (self *Token) HeaderVerify(header string) (string, error) {
+	if header == "" {
+		return "", nil
+	}
+
+	jwtSecret := []byte(viper.GetString("secrets.jwt_secret"))
+	// Split header to 2
+	parts := strings.SplitN(header, " ", 2)
+	if len(parts) != 2 || parts[0] != "Bearer" {
+		return "", errors.New("invalid Authorization header format")
+	}
+
+	tokenStr := parts[1]
+
+	// Verify access token
+	claims := &JwtClaims{}
+	token, err := jwt.ParseWithClaims(
+		tokenStr,
+		claims,
+		func(token *jwt.Token) (any, error) {
+			return jwtSecret, nil
+		},
+	)
+
+	if err != nil || !token.Valid {
+		return "", errors.New("invalid or expired token")
+	}
+
+	return claims.UserID.String(), nil
+}