Move JWT parsing (GetUserIDFromToken) and API token validation (ValidateAPITokenString) into pkg/modules/auth so both HTTP middleware and WebSocket auth use the same logic. This ensures consistent token validity checks including expiry and user status (disabled/locked). The HTTP API token middleware now delegates to the shared function, removing duplicated lookup/expiry logic. |
||
|---|---|---|
| .. | ||
| api/v1 | ||
| caldav | ||
| api_tokens.go | ||
| error_handler.go | ||
| healthcheck.go | ||
| metrics.go | ||
| rate_limit.go | ||
| routes.go | ||
| sentry_middleware.go | ||
| static.go | ||
| validation.go | ||