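// Auth is a router middleware that authenticates the request with a JWT and
// loads the matching token row from the database before calling the next
// handler.
//
// It expects c.Meta["db"] to hold a *sqlx.DB and c.Meta["tokenSecret"] to
// hold the HMAC secret as []byte; either one missing is a server-side
// configuration problem and is returned as a plain error. A token that fails
// to parse, is signed with a non-HMAC method, lacks a numeric "jti" claim,
// is unknown to the database (data.Error from Get), or carries a RevokedAt
// timestamp answers 401 through res.Unauthorized. Any other database error
// is returned to the caller. On success the token's user id is stored in
// c.Meta["user_id"] and c.Next is invoked.
func Auth(w http.ResponseWriter, r *http.Request, c router.Context) error {
	db, ok := c.Meta["db"].(*sqlx.DB)
	if !ok {
		return errors.New("db not set in context")
	}
	tokenSecret, ok := c.Meta["tokenSecret"].([]byte)
	if !ok {
		return errors.New("token secret not set in context")
	}

	// parse the token param
	token, err := jwt.ParseFromRequest(r, func(token *jwt.Token) (interface{}, error) {
		// The secret is an HMAC key, so only accept HMAC signing methods.
		// Otherwise the token's own "alg" header decides how the key bytes
		// are interpreted; pin the method to what the secret was issued for.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("unexpected signing method")
		}
		return tokenSecret, nil
	})
	if err != nil {
		return res.Unauthorized(w, res.ErrorMsg{"invalid_token", err.Error()})
	}

	// check if the token is eligible for current scope
	// scope := scopeRegex.FindStringSubmatch(r.URL.Path)[1]
	// scopes := token.Claims["scopes"].(string)
	//
	// if !contains(strings.Split(scopes, ","), scope) {
	// 	return res.Forbidden(w, res.ErrorMsg{"invalid_scope", "token is not valid for this scope"})
	// }

	// The token row is looked up by the "jti" claim, which arrives as a
	// float64 after JSON decoding. A missing or non-numeric claim previously
	// panicked on a bare type assertion; treat it as an invalid token instead.
	jti, ok := token.Claims["jti"].(float64)
	if !ok {
		return res.Unauthorized(w, res.ErrorMsg{"invalid_token", "token is not valid"})
	}

	// check if the token was revoked from DB
	t := data.Token{}
	err = t.Get(db, int64(jti))
	if err != nil {
		// data.Error means the lookup itself failed (e.g. no such token);
		// anything else is an infrastructure error and is propagated as-is.
		if _, ok := err.(*data.Error); ok {
			return res.Unauthorized(w, res.ErrorMsg{"invalid_token", "token is not valid"})
		}
		return err
	}
	if t.RevokedAt != nil {
		return res.Unauthorized(w, res.ErrorMsg{"invalid_token", "token is not valid"})
	}

	// valid token
	// set the user id to context and pass to next handler
	c.Meta["user_id"] = t.UserID
	return c.Next(w, r, c)
}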