From b0120532af6779e3c67469b4a0ba4054ee384c75 Mon Sep 17 00:00:00 2001
From: Nimer Farahty <nimer@farahty.com>
Date: Mon, 9 Jun 2025 01:53:17 +0300
Subject: [PATCH] skip token expired for login mutation

---
 app/app-context.go | 1 +
 app/auth.go        | 4 ++++
 app/middlewares.go | 2 +-
 router.go          | 2 +-
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/app-context.go b/app/app-context.go
index 1001607..09987ff 100644
--- a/app/app-context.go
+++ b/app/app-context.go
@@ -57,6 +57,7 @@ func CurrentUser(ctx context.Context) (*models.UserJWT, error) {
 
 // Check if the token was marked as expired
 func IsTokenExpired(ctx context.Context) bool {
+
 	if expired, ok := ctx.Value(ExpiryKey).(bool); ok {
 		return expired
 	}
diff --git a/app/auth.go b/app/auth.go
index ae3a3ed..e5e7511 100644
--- a/app/auth.go
+++ b/app/auth.go
@@ -114,6 +114,10 @@ func AuthorizeOperation(ctx context.Context) error {
 		return nil
 	}
 
+	if IsTokenExpired(ctx) && object != "login" {
+		return fmt.Errorf("token expired")
+	}
+
 	if obj, err := CurrentUser(ctx); err == nil {
 		user = string(obj.ID)
 	}
diff --git a/app/middlewares.go b/app/middlewares.go
index 5bf8ae2..27fc9c5 100644
--- a/app/middlewares.go
+++ b/app/middlewares.go
@@ -12,7 +12,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 )
 
-// Middleware injects dataloaders into context for each HTTP request
+// Middleware injects dataLoaders into context for each HTTP request
 func LoaderMiddleware(loaders *Loaders, next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctxWithLoaders := context.WithValue(r.Context(), LoadersKey, loaders)
diff --git a/router.go b/router.go
index e7cfb1f..ee22d58 100644
--- a/router.go
+++ b/router.go
@@ -91,7 +91,7 @@ func createGraphqlServer() http.Handler {
 
 	// Apply global middleware
 	srv.AroundRootFields(app.RootFieldsAuthorizer) // Check for @auth at root fields
-	srv.AroundResponses(app.ExpiryMiddleware)      // Token expiry validation
+	//srv.AroundResponses(app.ExpiryMiddleware)      // Token expiry validation
 
 	// Inject DataLoaders into request context
 	return app.LoaderMiddleware(app.NewLoaders(), srv)