@rivascva/dt-idl 1.1.106 → 1.1.108

package/go/auth/jwt.go

@@ -2,12 +2,14 @@ package auth
 
 import (
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 )
 
 // ValidateToken validates the given JWT token using the provided secret.
+// It includes a check for the token expiration time.
 func ValidateToken(token string, secret string) (*jwt.Token, error) {
 	// create a parser with the HS256 signing method
 	parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
@@ -31,57 +33,77 @@ func ValidateToken(token string, secret string) (*jwt.Token, error) {
 }
 
 // NewUserAccessToken creates a new JWT access token for the given user id.
-func NewUserAccessToken(accessTokenSecret string, issuer string, userId string, duration time.Duration) (string, error) {
+func NewUserAccessToken(accessTokenSecret string, issuer string, userId string, duration time.Duration) (*jwt.Token, error) {
 	return newAccessToken(accessTokenSecret, "user", issuer, userId, duration)
 }
 
 // NewServiceAccessToken creates a new JWT access token for the given service.
-func NewServiceAccessToken(accessTokenSecret string, issuer string, service string, duration time.Duration) (string, error) {
+func NewServiceAccessToken(accessTokenSecret string, issuer string, service string, duration time.Duration) (*jwt.Token, error) {
 	return newAccessToken(accessTokenSecret, "service", issuer, service, duration)
 }
 
 // NewUserRefreshToken creates a new JWT refresh token for the given user id.
-func NewUserRefreshToken(refreshTokenSecret string, issuer string, userId string, duration time.Duration) (string, error) {
+func NewUserRefreshToken(refreshTokenSecret string, issuer string, userId string, duration time.Duration) (*jwt.Token, error) {
 	return newRefreshToken(refreshTokenSecret, issuer, userId, duration)
 }
 
 // NewServiceRefreshToken creates a new JWT refresh token for the given service.
-func NewServiceRefreshToken(refreshTokenSecret string, issuer string, service string, duration time.Duration) (string, error) {
+func NewServiceRefreshToken(refreshTokenSecret string, issuer string, service string, duration time.Duration) (*jwt.Token, error) {
 	return newRefreshToken(refreshTokenSecret, issuer, service, duration)
 }
 
 // newAccessToken creates a new JWT access token.
-func newAccessToken(accessTokenSecret string, ttype string, issuer string, subject string, duration time.Duration) (string, error) {
+func newAccessToken(accessTokenSecret string, ttype string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"type": ttype,
 		"iss":  issuer,
 		"sub":  subject,
-		"iat":  time.Now().UnixMilli(),
-		"exp":  time.Now().Add(duration).UnixMilli(),
+		"iat":  jwt.NewNumericDate(time.Now()),
+		"exp":  jwt.NewNumericDate(time.Now().Add(duration)),
 	})
 
 	s, err := t.SignedString([]byte(accessTokenSecret))
 	if err != nil {
-		return "", fmt.Errorf("unable to sign the access token: %w", err)
+		return nil, fmt.Errorf("unable to sign the access token: %w", err)
 	}
 
-	return s, nil
+	parts := strings.Split(s, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("invalid raw access token")
+	}
+
+	token, err := ValidateToken(s, accessTokenSecret)
+	if err != nil {
+		return nil, fmt.Errorf("unable to validate the new raw access token: %w", err)
+	}
+
+	return token, nil
 }
 
 // newRefreshToken creates a new JWT refresh token.
-func newRefreshToken(refreshTokenSecret string, issuer string, subject string, duration time.Duration) (string, error) {
+func newRefreshToken(refreshTokenSecret string, issuer string, subject string, duration time.Duration) (*jwt.Token, error) {
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"type": "refresh",
 		"iss":  issuer,
 		"sub":  subject,
-		"iat":  time.Now().UnixMilli(),
-		"exp":  time.Now().Add(duration).UnixMilli(),
+		"iat":  jwt.NewNumericDate(time.Now()),
+		"exp":  jwt.NewNumericDate(time.Now().Add(duration)),
 	})
 
 	s, err := t.SignedString([]byte(refreshTokenSecret))
 	if err != nil {
-		return "", fmt.Errorf("unable to sign the refresh token: %w", err)
+		return nil, fmt.Errorf("unable to sign the refresh token: %w", err)
+	}
+
+	parts := strings.Split(s, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("invalid raw refresh token")
+	}
+
+	token, err := ValidateToken(s, refreshTokenSecret)
+	if err != nil {
+		return nil, fmt.Errorf("unable to validate the new raw refresh token: %w", err)
 	}
 
-	return s, nil
+	return token, nil
 }

package/go/request/auth_transport.go

@@ -83,17 +83,11 @@ func (t *AuthTransport) setNewAccessToken() error {
 	defer t.mu.Unlock()
 
 	// create a new service access token
-	rawAccessToken, err := auth.NewServiceAccessToken(t.accessTokenSecret, t.service, t.service, auth.DefaultServiceAccessTokenDuration)
+	accessToken, err := auth.NewServiceAccessToken(t.accessTokenSecret, t.service, t.service, auth.DefaultServiceAccessTokenDuration)
 	if err != nil {
 		return fmt.Errorf("failed to create a new service access token: %w", err)
 	}
 
-	// validate the access token
-	accessToken, err := auth.ValidateToken(rawAccessToken, t.accessTokenSecret)
-	if err != nil {
-		return fmt.Errorf("failed to validate the new access token: %w", err)
-	}
-
 	// set the new access token
 	t.accessToken = accessToken
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rivascva/dt-idl",
-  "version": "1.1.106",
+  "version": "1.1.108",
   "description": "Dream Trade - Interface Definition Language",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",