pegasus/backend/internal/auth.go

// backend/internal/auth.go
package internal

import (
	"errors"
	"net/http"

	"github.com/golang-jwt/jwt/v5"
)

var parseJWT = jwt.ParseWithClaims

// CurrentUser parses the Pegasus session cookie and validates its JWT claims.
func CurrentUser(r *http.Request) (Claims, error) {
	c, err := r.Cookie(CookieName)
	if err != nil {
		return Claims{}, err
	}
	tok, err := parseJWT(c.Value, &Claims{}, func(_ *jwt.Token) (any, error) { return sessionKey, nil })
	if err != nil {
		return Claims{}, err
	}
	if cl, ok := tok.Claims.(*Claims); ok && tok.Valid {
		return *cl, nil
	}
	return Claims{}, errors.New("invalid session")
}
many fixes, hopefully uploading 2025-09-16 00:05:16 -05:00			`// backend/internal/auth.go`
first pass on pegasus 2025-09-08 00:48:47 -05:00			`package internal`

			`import (`
			`"errors"`
			`"net/http"`

			`"github.com/golang-jwt/jwt/v5"`
			`)`

pegasus: tighten quality gate 2026-04-11 00:02:59 -03:00			`var parseJWT = jwt.ParseWithClaims`

			`// CurrentUser parses the Pegasus session cookie and validates its JWT claims.`
first pass on pegasus 2025-09-08 00:48:47 -05:00			`func CurrentUser(r *http.Request) (Claims, error) {`
			`c, err := r.Cookie(CookieName)`
pegasus: add full test suite and prometheus CI publishing 2026-04-10 03:25:23 -03:00			`if err != nil {`
			`return Claims{}, err`
			`}`
pegasus: tighten quality gate 2026-04-11 00:02:59 -03:00			`tok, err := parseJWT(c.Value, &Claims{}, func(_ *jwt.Token) (any, error) { return sessionKey, nil })`
pegasus: add full test suite and prometheus CI publishing 2026-04-10 03:25:23 -03:00			`if err != nil {`
			`return Claims{}, err`
			`}`
first pass on pegasus 2025-09-08 00:48:47 -05:00			`if cl, ok := tok.Claims.(*Claims); ok && tok.Valid {`
			`return *cl, nil`
			`}`
			`return Claims{}, errors.New("invalid session")`
			`}`