mirror of https://github.com/golang-jwt/jwt.git
perf: quick way to validate token string (#302)
parent
873d96d0a0
commit
8b7470d561
|
@ -130,9 +130,6 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
|
||||||
// parse Header
|
// parse Header
|
||||||
var headerBytes []byte
|
var headerBytes []byte
|
||||||
if headerBytes, err = p.DecodeSegment(parts[0]); err != nil {
|
if headerBytes, err = p.DecodeSegment(parts[0]); err != nil {
|
||||||
if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
|
|
||||||
return token, parts, newError("tokenstring should not contain 'bearer '", ErrTokenMalformed)
|
|
||||||
}
|
|
||||||
return token, parts, newError("could not base64 decode header", ErrTokenMalformed, err)
|
return token, parts, newError("could not base64 decode header", ErrTokenMalformed, err)
|
||||||
}
|
}
|
||||||
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
|
||||||
|
|
|
@ -90,7 +90,7 @@ func (e BearerExtractor) ExtractToken(req *http.Request) (string, error) {
|
||||||
tokenHeader := req.Header.Get("Authorization")
|
tokenHeader := req.Header.Get("Authorization")
|
||||||
// The usual convention is for "Bearer" to be title-cased. However, there's no
|
// The usual convention is for "Bearer" to be title-cased. However, there's no
|
||||||
// strict rule around this, and it's best to follow the robustness principle here.
|
// strict rule around this, and it's best to follow the robustness principle here.
|
||||||
if tokenHeader == "" || !strings.HasPrefix(strings.ToLower(tokenHeader), "bearer ") {
|
if len(tokenHeader) < 7 || !strings.HasPrefix(strings.ToLower(tokenHeader[:7]), "bearer ") {
|
||||||
return "", ErrNoTokenInRequest
|
return "", ErrNoTokenInRequest
|
||||||
}
|
}
|
||||||
return tokenHeader[7:], nil
|
return tokenHeader[7:], nil
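Review bot: A header that is exactly `Bearer ` (seven bytes, no token) passes the new `len(tokenHeader) < 7` guard, so the function returns `tokenHeader[7:]`, an empty string with a nil error, rather than `ErrNoTokenInRequest`. Changing the guard to `len(tokenHeader) <= 7` would presumably keep that case on the no-token path, though callers relying on the current result should be checked first. Because the slice is already exactly seven bytes, `strings.EqualFold(tokenHeader[:7], "bearer ")` states the comparison directly and avoids the `ToLower` allocation, which fits the perf goal of this commit. The literal 7 now appears three times, so a named constant for the prefix length would keep the guard and the slice expression in step. The end of ExtractToken lies outside the hunk.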
|
||||||
|
|