From 1084381bbf6792114226f9987df8df60fef8cbc5 Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Tue, 4 Jul 2023 21:07:12 +0800
Subject: [PATCH] chore: update jwt middleware

---
 api/v1/jwt.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/api/v1/jwt.go b/api/v1/jwt.go
index 68f7e71..9989fd3 100644
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@@ -77,14 +77,15 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 		path := c.Path()
 		method := c.Request().Method
 
-		if defaultAuthSkipper(c) {
+		// Pass auth and profile endpoints.
+		if util.HasPrefixes(path, "/api/v1/auth", "/api/v1/workspace/profile") {
 			return next(c)
 		}
 
 		token := findAccessToken(c)
 		if token == "" {
 			// When the request is not authenticated, we allow the user to access the shortcut endpoints for those public shortcuts.
-			if util.HasPrefixes(path, "/api/v1/workspace/profile", "/s/*") && method == http.MethodGet {
+			if util.HasPrefixes(path, "/s/*") && method == http.MethodGet {
 				return next(c)
 			}
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")
@@ -195,8 +196,3 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
 		return next(c)
 	}
 }
-
-func defaultAuthSkipper(c echo.Context) bool {
-	path := c.Path()
-	return util.HasPrefixes(path, "/api/v1/auth")
-}