Added support for expiration return

FrosTiK-SD · Nov 16, 2023 · 3dd4305 · 3dd4305
1 parent c103410
commit 3dd4305
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/controller/token.go b/controller/token.go
@@ -60,34 +60,35 @@ func GetJWKs(cacheClient *bigcache.BigCache, noCache bool) (*jwk.Set, *string) {
 	return &jwkSet, nil
 }
 
-func VerifyToken(cacheClient *bigcache.BigCache, idToken string, defaultJwkSet *jwk.Set, noCache bool) (*string, *string) {
+func VerifyToken(cacheClient *bigcache.BigCache, idToken string, defaultJwkSet *jwk.Set, noCache bool) (*string, *time.Time, *string) {
 	jwkSet := defaultJwkSet
 	if !noCache {
 		newJwkSet, jwkParsingError := GetJWKs(cacheClient, noCache)
 		if jwkParsingError != nil {
-			return nil, jwkParsingError
+			return nil, nil, jwkParsingError
 		}
 		jwkSet = newJwkSet
 	}
 
 	// Verify the token
 	rawJWT, err := jwt.Parse([]byte(idToken), jwt.WithKeySet(*jwkSet))
 	if err != nil {
-		return nil, &constants.ERROR_TOKEN_SIGNATURE_INVALID
+		return nil, nil, &constants.ERROR_TOKEN_SIGNATURE_INVALID
 	}
+	exp := rawJWT.Expiration()
 
 	// Validations
-	if time.Now().Sub(rawJWT.IssuedAt()) < 0 || time.Now().Sub(rawJWT.Expiration()) > 0 || rawJWT.Subject() == "" || rawJWT.Issuer() != fmt.Sprintf("https://securetoken.google.com/%s", os.Getenv(constants.FIREBASE_PROJECT_ID)) || !util.ArrayContains(rawJWT.Audience(), os.Getenv(constants.FIREBASE_PROJECT_ID)) {
-		return nil, &constants.ERROR_INVALID_TOKEN
+	if time.Now().Sub(rawJWT.IssuedAt()) < 0 || time.Now().Sub(exp) > 0 || rawJWT.Subject() == "" || rawJWT.Issuer() != fmt.Sprintf("https://securetoken.google.com/%s", os.Getenv(constants.FIREBASE_PROJECT_ID)) || !util.ArrayContains(rawJWT.Audience(), os.Getenv(constants.FIREBASE_PROJECT_ID)) {
+		return nil, &exp, &constants.ERROR_INVALID_TOKEN
 	}
 
 	// Get the email
 	email, found := rawJWT.Get("email")
 	if found == false {
-		return nil, &constants.ERROR_GETTING_EMAIL
+		return nil, &exp, &constants.ERROR_GETTING_EMAIL
 	}
 
 	emailString := fmt.Sprintf("%v", email)
 
-	return &emailString, nil
+	return &emailString, &exp, nil
 }
diff --git a/handler/verify.go b/handler/verify.go
@@ -20,18 +20,20 @@ func (h *Handler) HandlerVerifyStudentIdToken(ctx *gin.Context) {
 		noCache = true
 	}
 
-	email, err := controller.VerifyToken(h.MongikClient.CacheClient, idToken, h.JwkSet, noCache)
+	email, exp, err := controller.VerifyToken(h.MongikClient.CacheClient, idToken, h.JwkSet, noCache)
 
 	if err != nil {
 		ctx.JSON(200, gin.H{
 			"student": nil,
+			"expire":  exp,
 			"error":   err,
 		})
 	} else {
 		student, err := controller.GetUserByEmail(h.MongikClient, email, &constants.ROLE_STUDENT, noCache)
 		ctx.JSON(200, gin.H{
-			"data":  student,
-			"error": err,
+			"data":   student,
+			"error":  err,
+			"expire": exp,
 		})
 	}
 }