chore: remove revoked field in access token

2025-07-05 12:42:35 +00:00 · 2023-08-06 14:28:35 +08:00
parent f33dcba284
commit 994a90c8fb
5 changed files with 21 additions and 32 deletions
--- a/api/v2/acl.go
+++ b/api/v2/acl.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"strings"
+	"time"

 	"github.com/boojack/slash/api/auth"
 	"github.com/boojack/slash/internal/util"
@ -169,7 +170,7 @@ func audienceContains(audience jwt.ClaimStrings, token string) bool {

 func validateAccessToken(accessTokenString string, userAccessTokens []*storepb.AccessTokensUserSetting_AccessToken) bool {
 	for _, userAccessToken := range userAccessTokens {
-		if accessTokenString == userAccessToken.AccessToken && !userAccessToken.Revoked {
+		if accessTokenString == userAccessToken.AccessToken && userAccessToken.ExpiresTime.AsTime().After(time.Now()) {
 			return true
 		}
 	}