From 81372d6a6b08edc1ff195f718c9762c8f1d9de39 Mon Sep 17 00:00:00 2001
From: Harvey Tindall
Date: Thu, 15 Jun 2023 21:59:34 +0100
Subject: [PATCH] auth: fix "ok" issue

the "ok" returned when the JWT claims are read was being overridden with "false" before it could be checked.
---
 auth.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/auth.go b/auth.go
index 8973a99..b7eb186 100644
--- a/auth.go
+++ b/auth.go
@@ -69,17 +69,19 @@ func (app *appContext) decodeValidateAuthHeader(gc *gin.Context) (claims jwt.Map
 respond(401, "Unauthorized", gc)
 return
 }
- ok = false
 expiryUnix := int64(claims["exp"].(float64))
 if err != nil {
 app.debug.Printf("Auth denied: %s", err)
 respond(401, "Unauthorized", gc)
+ ok = false
 return
 }
 expiry := time.Unix(expiryUnix, 0)
 if !(ok && token.Valid && claims["type"].(string) == "bearer" && expiry.After(time.Now())) {
 app.debug.Printf("Auth denied: Invalid token")
+ // app.debug.Printf("Expiry: %+v, OK: %t, Valid: %t, ClaimType: %s\n", expiry, ok, token.Valid, claims["type"].(string))
 respond(401, "Unauthorized", gc)
+ ok = false
 return
 }
 ok = true
@@ -256,13 +258,14 @@ func (app *appContext) decodeValidateRefreshCookie(gc *gin.Context) (claims jwt.
 if err != nil {
 app.debug.Printf("getTokenRefresh: Invalid token expiry: %s", err)
 respond(401, "Invalid token", gc)
+ ok = false
 return
 }
- ok = false
 expiry := time.Unix(expiryUnix, 0)
 if !(ok && token.Valid && claims["type"].(string) == "refresh" && expiry.After(time.Now())) {
- app.debug.Printf("getTokenRefresh: Invalid token: %s", err)
+ app.debug.Printf("getTokenRefresh: Invalid token: %+v", err)
 respond(401, "Invalid token", gc)
+ ok = false
 return
 }
 ok = true
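Review bot: The `if err != nil` that follows `expiryUnix := int64(claims["exp"].(float64))` in decodeValidateAuthHeader tests an `err` that this line never assigns, so a token whose `exp` claim is missing or not a number panics at the single-value type assertion instead of taking the 401 path. The same line also runs before `ok` is consulted, so if the claims read (outside this hunk) failed, indexing the claims still hits the assertion on a nil value. Use the two-value form and reject on failure, as sketched below; `claims["type"].(string)` in the combined condition of both hunks deserves the same treatment. The function body starts above the hunk, so where `err` and `ok` are first set is not visible here.

```go
// … unchanged: token parse and claims read above the hunk …
expiryFloat, isNum := claims["exp"].(float64)
if !ok || !isNum {
	app.debug.Printf("Auth denied: missing or non-numeric exp claim")
	respond(401, "Unauthorized", gc)
	ok = false
	return
}
expiry := time.Unix(int64(expiryFloat), 0)
// … unchanged: combined token.Valid / type / expiry check …
```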
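Review bot: With the early `ok = false` removed, the named result `ok` in decodeValidateRefreshCookie carries the claims-read result through the expiry and type checks, so the function fails closed only while every rejection path remembers its own `ok = false`; a later early return that forgets it would hand callers `ok == true` alongside a 401. Judging by the commit message the claims read sets `ok` above the hunk, so consider holding that result in a local such as `claimsOK`, testing `claimsOK && token.Valid && ...` in the condition, and leaving `ok` false until the final `ok = true`. decodeValidateAuthHeader in the first hunk follows the same pattern and would benefit from the same change. Separately, `err` is already known to be nil when `app.debug.Printf("getTokenRefresh: Invalid token: %+v", err)` runs, so the message always prints `<nil>`; logging which check failed (for example `token.Valid` and the claim type) would be more useful when triaging rejected refresh cookies.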