JWT: only accepts tokens from the expected header or cookie

2025-12-06 22:30:56 +03:00 · 2021-02-02 13:11:47 +01:00
parent 4f609cfa30
commit f863530653
3 changed files with 74 additions and 45 deletions
--- a/httpd/server.go
+++ b/httpd/server.go
@@ -272,7 +272,7 @@ func (s *httpdServer) initializeRouter() {
 		router.Get(tokenPath, s.getToken)

 		router.Group(func(router chi.Router) {
-			router.Use(jwtauth.Verifier(s.tokenAuth))
+			router.Use(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromHeader))
 			router.Use(jwtAuthenticator)

 			router.Get(versionPath, func(w http.ResponseWriter, r *http.Request) {
@@ -336,7 +336,7 @@ func (s *httpdServer) initializeRouter() {
 			router.Post(webLoginPath, s.handleWebLoginPost)

 			router.Group(func(router chi.Router) {
-				router.Use(jwtauth.Verifier(s.tokenAuth))
+				router.Use(jwtauth.Verify(s.tokenAuth, jwtauth.TokenFromCookie))
 				router.Use(jwtAuthenticatorWeb)

 				router.Get(webLogoutPath, handleWebLogout)