commit 475c7b8f1671ba74001bbe50050c1a69931122cb
parent 6fa6eb18e88f6d090eff5139d5a67bb56d25bf7f
Author: Stefan Melmuk <stefan.melmuk@gmail.com>
Date: Sun, 9 Oct 2022 13:28:41 +0200
return more descriptive JWT validation messages
Diffstat:
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
@@ -1,18 +1,14 @@
-//
// JWT Handling
//
use chrono::{Duration, Utc};
use num_traits::FromPrimitive;
use once_cell::sync::Lazy;
-use jsonwebtoken::{self, Algorithm, DecodingKey, EncodingKey, Header};
+use jsonwebtoken::{self, errors::ErrorKind, Algorithm, DecodingKey, EncodingKey, Header};
use serde::de::DeserializeOwned;
use serde::ser::Serialize;
-use crate::{
- error::{Error, MapResult},
- CONFIG,
-};
+use crate::{error::Error, CONFIG};
const JWT_ALGORITHM: Algorithm = Algorithm::RS256;
@@ -61,7 +57,15 @@ fn decode_jwt<T: DeserializeOwned>(token: &str, issuer: String) -> Result<T, Err
validation.set_issuer(&[issuer]);
let token = token.replace(char::is_whitespace, "");
- jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation).map(|d| d.claims).map_res("Error decoding JWT")
+ match jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) {
+ Ok(d) => Ok(d.claims),
+ Err(err) => match *err.kind() {
+ ErrorKind::InvalidToken => err!("Token is invalid"),
+ ErrorKind::InvalidIssuer => err!("Issuer is invalid"),
+ ErrorKind::ExpiredSignature => err!("Token has expired"),
+ _ => err!("Error decoding JWT"),
+ },
+ }
}
pub fn decode_login(token: &str) -> Result<LoginJwtClaims, Error> {
