skip token expired for login mutation

2025-06-09 01:53:17 +03:00 · 2025-06-09 01:53:17 +03:00 · b0120532af
commit b0120532af
parent 7949a93dcb
4 changed files with 7 additions and 2 deletions
--- a/app/app-context.go
+++ b/app/app-context.go
@ -57,6 +57,7 @@ func CurrentUser(ctx context.Context) (*models.UserJWT, error) {

 // Check if the token was marked as expired
 func IsTokenExpired(ctx context.Context) bool {
+
 	if expired, ok := ctx.Value(ExpiryKey).(bool); ok {
 		return expired
 	}
--- a/app/auth.go
+++ b/app/auth.go
@ -114,6 +114,10 @@ func AuthorizeOperation(ctx context.Context) error {
 		return nil
 	}

+	if IsTokenExpired(ctx) && object != "login" {
+		return fmt.Errorf("token expired")
+	}
+
 	if obj, err := CurrentUser(ctx); err == nil {
 		user = string(obj.ID)
 	}
--- a/app/middlewares.go
+++ b/app/middlewares.go
@ -12,7 +12,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 )

-// Middleware injects dataloaders into context for each HTTP request
+// Middleware injects dataLoaders into context for each HTTP request
 func LoaderMiddleware(loaders *Loaders, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctxWithLoaders := context.WithValue(r.Context(), LoadersKey, loaders)
--- a/router.go
+++ b/router.go
@ -91,7 +91,7 @@ func createGraphqlServer() http.Handler {

 	// Apply global middleware
 	srv.AroundRootFields(app.RootFieldsAuthorizer) // Check for @auth at root fields
-	srv.AroundResponses(app.ExpiryMiddleware)      // Token expiry validation
+	//srv.AroundResponses(app.ExpiryMiddleware)      // Token expiry validation

 	// Inject DataLoaders into request context
 	return app.LoaderMiddleware(app.NewLoaders(), srv)