Return complete claim instead of userID

This commit is contained in:
Neeraj Gupta 2025-03-18 14:30:24 +05:30
parent 47f0c88ed8
commit 2e3ac8b485
3 changed files with 13 additions and 8 deletions


@ -38,7 +38,7 @@ func (c *UserController) GetJWTTokenForClaim(claim *enteJWT.WebCommonJWTClaim) (
return tokenString, nil
}
func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (int64, error) {
func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (*enteJWT.WebCommonJWTClaim, error) {
token, err := jwt.ParseWithClaims(jwtToken, &enteJWT.WebCommonJWTClaim{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, stacktrace.Propagate(fmt.Errorf("unexpected signing method: %v", token.Header["alg"]), "")
@ -46,14 +46,14 @@ func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimSc
return c.JwtSecret, nil
})
if err != nil {
return -1, stacktrace.Propagate(err, "JWT parsed failed")
return nil, stacktrace.Propagate(err, "JWT parsed failed")
}
claims, ok := token.Claims.(*enteJWT.WebCommonJWTClaim)
if ok && token.Valid {
if claims.GetScope() != scope {
return -1, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "")
return nil, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "")
}
return claims.UserID, nil
return claims, nil
}
return -1, stacktrace.Propagate(err, "JWT claim failed")
return nil, stacktrace.Propagate(err, "JWT claim failed")
}
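Review bot: The final fall-through return in ValidateJWTToken, `return nil, stacktrace.Propagate(err, "JWT claim failed")`, propagates an `err` that is necessarily nil at that point, because a non-nil parse error already returned a few lines above; if this stacktrace package follows the palantir convention of returning nil for a nil cause, a token whose claims fail the type assertion or the `token.Valid` check now yields `(nil, nil)`, and the callers in SelfDeleteAccount and TokenAuthMiddleware dereference `claim.UserID` on a nil pointer. Before this change the same path returned `-1`, which the caller's user-ID comparison happened to reject, so the switch to a pointer return turns an accidental fail-closed into a panic. Wrap a real error on that path, e.g. `return nil, stacktrace.Propagate(fmt.Errorf("invalid JWT claims"), "JWT claim failed")`, so the invalid-claims case is rejected explicitly. Turning `if ok && token.Valid` into a guard clause (`if !ok || !token.Valid { return nil, ... }`) would also make the rejected path the obvious one when reading the function.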


@ -63,11 +63,11 @@ func (c *UserController) GetDeleteChallengeToken(ctx *gin.Context) (*ente.Delete
func (c *UserController) SelfDeleteAccount(ctx *gin.Context, req ente.DeleteAccountRequest) (*ente.DeleteAccountResponse, error) {
userID := auth.GetUserID(ctx.Request.Header)
tokenUserID, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT)
claim, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT)
if err != nil {
return nil, stacktrace.Propagate(err, "failed to validate jwt token")
}
if tokenUserID != userID {
if claim.UserID != userID {
return nil, stacktrace.Propagate(ente.ErrPermissionDenied, "jwtToken belongs to different user")
}
user, err := c.UserRepo.Get(userID)


@ -48,7 +48,12 @@ func (m *AuthMiddleware) TokenAuthMiddleware(jwtClaimScope *jwt.ClaimScope) gin.
var err error
if !found {
if isJWT {
userID, err = m.UserController.ValidateJWTToken(token, *jwtClaimScope)
claim, claimErr := m.UserController.ValidateJWTToken(token, *jwtClaimScope)
if claimErr != nil {
err = claimErr
} else {
userID = claim.UserID
}
} else {
userID, err = m.UserAuthRepo.GetUserIDWithToken(token, app)
if err != nil && !errors.Is(err, sql.ErrNoRows) {
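Review bot: The new `claim`/`claimErr` pair in the JWT branch of TokenAuthMiddleware is declared with `:=` and then only used to copy into the outer `err` and `userID`, so both names outlive the only two lines that need them; an `if` initializer keeps them scoped to the branch and reads closer to the `GetUserIDWithToken` sibling: `if claim, claimErr := m.UserController.ValidateJWTToken(token, *jwtClaimScope); claimErr != nil {` with the existing `err = claimErr` / `userID = claim.UserID` branches unchanged. The enclosing function starts before the hunk and its error handling continues after it, so what happens to `err` once set is not visible here.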