From d35c26ecc61103b4ba7d484acf76b6a969159518 Mon Sep 17 00:00:00 2001
From: Santo Cariotti
Date: Mon, 7 Apr 2025 15:55:04 +0200
Subject: Start new play
---
 api/auth/auth.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'api/auth/auth.go')
diff --git a/api/auth/auth.go b/api/auth/auth.go
index 23b4f53..b382beb 100644
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@@ -1,9 +1,12 @@
 package auth
 import (
- "github.com/golang-jwt/jwt/v5"
+ "errors"
 "os"
+ "strings"
 "time"
+
+ "github.com/golang-jwt/jwt/v5"
 )
 var jwtKey = []byte(os.Getenv("JWT_SECRET"))
@@ -32,7 +35,13 @@ func GenerateJWT(userID int) (string, error) {
 func ValidateJWT(tokenString string) (*Claims, error) {
 claims := &Claims{}
- token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+ // A token has a form `Bearer ...`
+ tokenParts := strings.Split(tokenString, " ")
+ if len(tokenParts) != 2 {
+ return nil, errors.New("not valid JWT")
+ }
+
+ token, err := jwt.ParseWithClaims(tokenParts[1], claims, func(token *jwt.Token) (interface{}, error) {
 return jwtKey, nil
 })
-- 
cgit v1.2.3-18-g5258
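Review bot: The new split in ValidateJWT only counts the parts and never inspects `tokenParts[0]`, so any two-field value (`Basic abc`, `x y`) is handed to the parser as if it were a bearer credential, while a bare token or a header with a doubled space is rejected with the same generic error. Check the scheme explicitly, e.g. `scheme, raw, ok := strings.Cut(tokenString, " ")` followed by `if !ok || !strings.EqualFold(scheme, "Bearer") || raw == "" { return nil, errors.New("not valid JWT") }`, and parse `raw`. The key callback on the unchanged lines returns `jwtKey` without looking at the token's `alg`; passing `jwt.WithValidMethods(...)` to `ParseWithClaims` with the method GenerateJWT signs with (not visible in this hunk) would pin it. `jwtKey` is read from `JWT_SECRET` at package init, so it is also worth failing startup when that variable is empty. ValidateJWT's body continues past the end of the hunk.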