Move JWT parsing (GetUserIDFromToken) and API token validation (ValidateAPITokenString) into pkg/modules/auth so both HTTP middleware and WebSocket auth use the same logic. This ensures consistent token validity checks including expiry and user status (disabled/locked). The HTTP API token middleware now delegates to the shared function, removing duplicated lookup/expiry logic. |
||
|---|---|---|
| .. | ||
| ldap | ||
| oauth2server | ||
| openid | ||
| auth.go | ||