b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82eba17a82a178a0ef89ba76c865fff75ead2f85
b0esche_cloud/go_cloud/pkg/jwt/jwt.go
Leon Bösche 2129d72a1f FIX: Extend JWT token expiration to 24 hours for document viewer sessions 
- Add GenerateWithDuration method to JWT manager to support custom expiration times
- Update viewerHandler and userViewerHandler to generate viewer-specific tokens with 24-hour expiration
- This fixes the issue where PDF viewer fails due to token expiration within 15 minutes
- Add [VIEWER-SESSION] logging to track viewer session creation
- Tokens now remain valid long enough for users to view, navigate, and interact with PDFs
2026-01-11 17:39:12 +01:00

89 lines
2.1 KiB
Go
Raw Blame History

package jwt
import (
"context"
"errors"
"time"
"go.b0esche.cloud/backend/internal/database"
"github.com/golang-jwt/jwt/v4"
"github.com/google/uuid"
)
type Claims struct {
UserID string `json:"user_id"`
OrgIDs []string `json:"org_ids"`
SessionID string `json:"session_id"`
jwt.RegisteredClaims
}
type Manager struct {
secret []byte
}
func NewManager(secret string) *Manager {
return &Manager{secret: []byte(secret)}
}
func (m *Manager) Generate(userID string, orgIDs []string, sessionID string) (string, error) {
return m.GenerateWithDuration(userID, orgIDs, sessionID, 15*time.Minute)
}
func (m *Manager) GenerateWithDuration(userID string, orgIDs []string, sessionID string, duration time.Duration) (string, error) {
claims := Claims{
UserID: userID,
OrgIDs: orgIDs,
SessionID: sessionID,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(duration)),
IssuedAt: jwt.NewNumericDate(time.Now()),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(m.secret)
}
func (m *Manager) Validate(tokenString string) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, errors.New("unexpected signing method")
}
return m.secret, nil
})
if err != nil {
return nil, err
}
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
return claims, nil
}
return nil, errors.New("invalid token")
}
func (m *Manager) ValidateWithSession(ctx context.Context, tokenString string, db *database.DB) (*Claims, *database.Session, error) {
claims, err := m.Validate(tokenString)
if err != nil {
return nil, nil, err
}
sessionID, err := uuid.Parse(claims.SessionID)
if err != nil {
return nil, nil, errors.New("invalid session ID in token")
}
session, err := db.GetSession(ctx, sessionID)
if err != nil {
return nil, nil, err
}
if session.RevokedAt != nil || time.Now().After(session.ExpiresAt) {
return nil, nil, errors.New("session invalid")
}
return claims, session, nil
}
Reference in New Issue View Git Blame Copy Permalink