From 245a01a2cdb9bf5d757c846fb9f82e4131058f73 Mon Sep 17 00:00:00 2001
From: mahdizadsar <mahdizadsar@yahoo.com>
Date: Fri, 20 Sep 2024 19:01:54 +0330
Subject: [PATCH] Update jwt.go

issue: When `auth_opt_jwt_skip_user_expiration` is enabled in config file and the wrong JWT token is sent by client to server (with a few or completely wrong segments), the code crashes.
Workaround: modify the code structure by moving the checking of token expiration conditions
---
 backends/jwt.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/backends/jwt.go b/backends/jwt.go
index e3a0e31..5e0fc96 100644
--- a/backends/jwt.go
+++ b/backends/jwt.go
@@ -132,15 +132,19 @@ func getJWTClaims(secret string, tokenStr string, skipExpiration bool) (*jwtGo.M
 	})
 
 	expirationError := false
-	if err != nil {
-		if !skipExpiration {
-			log.Debugf("jwt parse error: %s", err)
-			return nil, err
-		}
-
+	if err != nil {					
 		if v, ok := err.(*jwtGo.ValidationError); ok && v.Errors == jwtGo.ValidationErrorExpired {
-			expirationError = true
-		}
+			log.Debugf("token expired: %s", err)
+			if skipExpiration {
+				expirationError = true
+			}else{
+				log.Debugf("jwt parse error: %s", err)
+				return nil, err	
+			}
+		}else{
+			log.Debugf("jwt parse error: %s", err)
+			return nil, err	
+		}	
 	}
 
 	if !jwtToken.Valid && !expirationError {