diff --git a/auth/auth.go b/auth/auth.go
index 2b987caec..56284f2d8 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "time"
 
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/spf13/cast"
 "gorm.io/gorm/clause"
 
@@ -40,10 +40,6 @@ type Auth struct {
 }
 
 func NewAuth(guard string, cache cache.Cache, config config.Config, orm orm.Orm) *Auth {
- jwt.TimeFunc = func() time.Time {
- return carbon.Now().ToStdTime()
- }
-
 return &Auth{
 cache: cache,
 config: config,
@@ -90,7 +86,9 @@ func (a *Auth) Parse(ctx http.Context, token string) (*contractsauth.Payload, er
 jwtSecret := a.config.GetString("jwt.secret")
 tokenClaims, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (any, error) {
 return []byte(jwtSecret), nil
- })
+ }, jwt.WithTimeFunc(func() time.Time {
+ return carbon.Now().ToStdTime()
+ }))
 if err != nil {
 if errors.Is(err, jwt.ErrTokenExpired) && tokenClaims != nil {
 claims, ok := tokenClaims.Claims.(*Claims)
diff --git a/auth/auth_test.go b/auth/auth_test.go
index b2ffa98b5..21139f39a 100644
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@@ -5,7 +5,7 @@ import (
 "testing"
 "time"
 
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 testifymock "github.com/stretchr/testify/mock"
 "github.com/stretchr/testify/suite"
 "gorm.io/gorm/clause"
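Review bot: In the `Parse` hunk of auth/auth.go the parser is given only `jwt.WithTimeFunc`, so the token's `alg` header is still not pinned: the key function returns `[]byte(jwtSecret)` for whatever signing method the header names. With a byte-slice key that should leave every HMAC variant acceptable rather than only the one the issuer uses. Since options are now passed to `jwt.ParseWithClaims` anyway, add `jwt.WithValidMethods([]string{"HS256"})` next to `jwt.WithTimeFunc(...)`; HS256 is what the fixture token in auth_test.go carries, but confirm it against the token-issuing code, which is not visible here. `Parse` starts and ends outside the hunk, so whether an empty `jwt.secret` is rejected before this call cannot be seen from here.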
@@ -249,6 +249,20 @@ func (s *AuthTestSuite) TestParse_SuccessWithPrefix() {
 s.mockConfig.AssertExpectations(s.T())
 }
 
+func (s *AuthTestSuite) TestParse_ExpiredAndInvalid() {
+ s.mockConfig.On("GetString", "jwt.secret").Return("Goravel").Once()
+
+ ctx := http.Background()
+ token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiIxIiwic3ViIjoidXNlciIsImV4cCI6MTY4OTk3MDE3MiwiaWF0IjoxNjg5OTY2NTcyfQ.GApXNbicqzjF2jHsSCJ1AdziHnI1grPuJ5ddSQjGJUQ"
+
+ s.mockCache.On("GetBool", "jwt:disabled:"+token, false).Return(false).Once()
+
+ _, err := s.auth.Parse(ctx, token)
+ s.ErrorIs(err, ErrorInvalidToken)
+
+ s.mockConfig.AssertExpectations(s.T())
+}
+
 func (s *AuthTestSuite) TestUser_NoParse() {
 ctx := http.Background()
 var user User
diff --git a/go.mod b/go.mod
index a816e9dba..a6936ec63 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 github.com/glebarez/sqlite v1.8.0
 github.com/go-redis/redis/v8 v8.11.5
 github.com/go-sql-driver/mysql v1.7.1
- github.com/golang-jwt/jwt/v4 v4.5.0
+ github.com/golang-jwt/jwt/v5 v5.0.0
 github.com/golang-migrate/migrate/v4 v4.16.2
 github.com/golang-module/carbon/v2 v2.2.3
 github.com/golang/protobuf v1.5.3
@@ -83,6 +83,7 @@ require (
 github.com/go-stack/stack v1.8.0 // indirect
 github.com/goccy/go-json v0.10.2 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 github.com/golang-sql/sqlexp v0.1.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
diff --git a/go.sum b/go.sum
index 2c1d25f2f..9fc3416cb 100644
--- a/go.sum
+++ b/go.sum
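Review bot: `TestParse_ExpiredAndInvalid` discards the payload with `_, err := s.auth.Parse(ctx, token)`, so it would still pass if `Parse` returned the invalid token's claims together with `ErrorInvalidToken`. The expired branch of `Parse` is the one that reads `tokenClaims.Claims`, so the property worth pinning is that nothing from an unverified token reaches the caller: use `payload, err := s.auth.Parse(ctx, token)` and add `s.Nil(payload)`. A one-line comment above `token` saying that the fixture is expired and that its signature is expected not to verify against the `Goravel` secret would make the intent readable without decoding the JWT. The `GetBool` expectation on `s.mockCache` is registered but only `s.mockConfig.AssertExpectations` is called, so whether the disabled-token lookup actually runs is not checked.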
@@ -225,6 +225,8 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-migrate/migrate/v4 v4.16.2 h1:8coYbMKUyInrFk1lfGfRovTLAW7PhWp8qQDT2iKfuoA= github.com/golang-migrate/migrate/v4 v4.16.2/go.mod h1:pfcJX4nPHaVdc5nmdCikFBWtm+UBpiZjRNNsyBbp0/o= github.com/golang-module/carbon/v2 v2.2.3 h1:WvGIc5+qzq9drNzH+Gnjh1TZ0JgDY/IA+m2Dvk7Qm4Q=