From ab60f8796a8663ec0209d96f892d0a6887433c62 Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Tue, 4 Apr 2023 08:31:19 +1000
Subject: [PATCH] more error handling
---
 utils/token/token.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/utils/token/token.go b/utils/token/token.go
index 079fdc0..8cb644f 100644
--- a/utils/token/token.go
+++ b/utils/token/token.go
@@ -24,6 +24,7 @@ func GenerateToken(user_id uint) (string, error) {
 claims["authorized"] = true
 claims["user_id"] = user_id
 claims["exp"] = time.Now().Add(time.Hour * time.Duration(token_lifespan)).Unix()
+ // https://pkg.go.dev/github.com/golang-jwt/jwt/v5#New
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 return token.SignedString([]byte(os.Getenv("API_SECRET")))
@@ -36,8 +37,8 @@ func TokenValid(c *gin.Context) error {
 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 }
- //return []byte(os.Getenv("API_SECRET")), nil
- return []byte(""), nil
+ // This code says signature is invalid if we return an empty []byte but I don't know why
+ return []byte(os.Getenv("API_SECRET")), nil
 })
 if err != nil {
 return err
@@ -64,9 +65,8 @@ func ExtractTokenID(c *gin.Context) (uint, error) {
 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 }
- // Why return the secret??
- //return []byte(os.Getenv("API_SECRET")), nil
- return 0, nil
+ // Why return the secret?? Code doesn't work if we don't return the secret
+ return []byte(os.Getenv("API_SECRET")), nil
 })
 if err != nil {
 return 0, err
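Review bot: The comment added in GenerateToken links to the `#New` anchor, but the statement directly below it calls `jwt.NewWithClaims`, so the reference documents a different constructor from the one in use. Suggest `// See https://pkg.go.dev/github.com/golang-jwt/jwt/v5#NewWithClaims` instead. The import block is not visible in this patch, so confirm the file imports the v5 module the link names. GenerateToken starts and ends outside the hunk.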
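Review bot: In the key callback of TokenValid, `os.Getenv("API_SECRET")` is returned without checking that it is non-empty, so when the variable is unset the HMAC key is an empty byte slice. GenerateToken (first hunk) signs with the same expression and ExtractTokenID (third hunk) verifies with it, so in that configuration tokens would presumably be issued and accepted under a key that is no secret at all. The callback should fail closed: `secret := os.Getenv("API_SECRET")`, `if secret == "" { return nil, fmt.Errorf("API_SECRET is not set") }`, then `return []byte(secret), nil`, with the same guard before signing. The added comment is also better replaced by one that states the contract, e.g. `// Return the HMAC key used to verify the signature; it must be the key the token was signed with.` TokenValid starts and ends outside the hunk.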
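Review bot: The key callback in ExtractTokenID is now a line-for-line copy of the one in TokenValid (signing-method check followed by the secret lookup), and the two had already drifted apart before this commit. A single package-level helper with the signature `func keyFunc(token *jwt.Token) (interface{}, error)`, passed to both parse calls, would keep the algorithm check and the key lookup in one place; the parse calls themselves are outside the hunks, so that wiring is inferred. The comment `// Why return the secret?? ...` should be dropped or rewritten as a statement, e.g. `// The parser needs the signing key to verify the token's HMAC signature.` ExtractTokenID starts and ends outside the hunk.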