Move JWT parsing (GetUserIDFromToken) and API token validation (ValidateAPITokenString) into pkg/modules/auth so both HTTP middleware and WebSocket auth use the same logic. This ensures consistent token validity checks including expiry and user status (disabled/locked). The HTTP API token middleware now delegates to the shared function, removing duplicated lookup/expiry logic. |
||
|---|---|---|
| .. | ||
| auth | ||
| avatar | ||
| background | ||
| dump | ||
| keyvalue | ||
| migration | ||