[WIP]server/auth:fix panic on identical JWT token generation and auth

Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2024-09-27 06:25:44 +00:00 · 2022-12-16 02:28:21 +01:00 · 2022-12-16 02:28:21 +01:00 · 386aedef51
commit 386aedef51
parent f9d124974b
1 changed files with 13 additions and 4 deletions
--- a/server/auth/jwt.go
+++ b/server/auth/jwt.go
@ -42,7 +42,7 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf
 	// rev isn't used in JWT, it is only used in simple token
 	var (
 		username string
-		revision uint64
+		revision float64
 	)
 	parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
@ -73,10 +73,19 @@ func (t *tokenJWT) info(ctx context.Context, token string, rev uint64) (*AuthInf
 		return nil, false
 	}
-	username = claims["username"].(string)
+	username, ok = claims["username"].(string)
-	revision = uint64(claims["revision"].(float64))
+	if !ok {
 		t.lg.Warn("failed to obtain user claims from jwt token")
 		return nil, false
 	}
-	return &AuthInfo{Username: username, Revision: revision}, true
+	revision, ok = claims["revision"].(float64)
 	if !ok {
 		t.lg.Warn("failed to obtain revision claims from jwt token")
 		return nil, false
 	}
 	return &AuthInfo{Username: username, Revision: uint64(revision)}, true
 }
 func (t *tokenJWT) assign(ctx context.Context, username string, revision uint64) (string, error) {