From 98e4d2cf83ce16eadfcb303b112317ab432cd57d Mon Sep 17 00:00:00 2001
From: Elias Projahn
Date: Mon, 11 May 2020 18:12:58 +0200
Subject: [PATCH] server: Validate tokens
---
 server/lib/src/auth.dart | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/server/lib/src/auth.dart b/server/lib/src/auth.dart
index bcc0303..d46a499 100644
--- a/server/lib/src/auth.dart
+++ b/server/lib/src/auth.dart
@@ -166,7 +166,10 @@ class AuthorizationController extends Controller {
 if (authHeaderParts.length == 2 && authHeaderParts[0] == 'Bearer') {
 final jwt = JWT.parse(authHeaderParts[1]);
- if (jwt.verify(_signer)) {
+ /// The JWTValidator will automatically use the current time. An empty
+ /// result will mean that the token is valid and its signature was
+ /// verified.
+ if (JWTValidator().validate(jwt, signer: _signer).isEmpty) {
 final user = await db.getUser(jwt.claims['user']);
 if (user != null) {
 request.mayUpload = user.mayUpload;
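Review bot: The new check at `JWTValidator().validate(jwt, signer: _signer).isEmpty` accepts whatever the validator's defaults accept, and nothing visible here requires the token to carry an expiry at all; if the library only compares `exp` when the claim is present (worth confirming), a signed token without it stays valid indefinitely. Requiring the claim explicitly would close that, e.g. `if (jwt.claims['exp'] != null && JWTValidator().validate(jwt, signer: _signer).isEmpty) {`. The returned error set is also discarded, so rejected tokens leave no trace; logging the errors in an `else` branch (without the token itself) would make expired or badly signed tokens visible to whoever monitors the server. The added `///` lines are doc-comment syntax inside a method body and should be plain `//`. The enclosing method begins and ends outside the hunk, so how a malformed header reaching `JWT.parse` is handled cannot be judged from here.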