Update based on PR review

nkshah2 · nkshah2 · commit 0f1e9d976a41 · 2023-05-22T16:21:04.000+05:30
diff --git a/recipe/session/accessToken.go b/recipe/session/accessToken.go
@@ -178,41 +178,55 @@ func ValidateAccessTokenStructure(payload map[string]interface{}, version int) e
 	err := errors.New("Access token does not contain all the information. Maybe the structure has changed?")
 
 	if version >= 3 {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version >= 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["sub"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sub claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["exp"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: exp claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["iat"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: iat claim not found in JWT payload")
 			return err
 		}
 	} else {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version < 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userId"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userId not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if payload["userData"] == nil {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userData"].(map[string]interface{}); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData is invalid in JWT payload")
 			return err
 		}
 		if _, ok := payload["expiryTime"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: expiryTime not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["timeCreated"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: timeCreated not found in JWT payload")
 			return err
 		}
 	}
diff --git a/recipe/session/recipeImplementation.go b/recipe/session/recipeImplementation.go
@@ -176,6 +176,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 
 	refreshSession := func(refreshToken string, antiCsrfToken *string, disableAntiCsrf bool, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
 		if disableAntiCsrf != true && config.AntiCsrf == AntiCSRF_VIA_CUSTOM_HEADER {
+			supertokens.LogDebugMessage("refreshSession: Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")
 			return nil, defaultErrors.New("Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")
 		}
 
@@ -189,6 +190,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ
 
 		responseToken, parseErr := ParseJWTWithoutSignatureVerification(response.AccessToken.Token)
 		if parseErr != nil {
+			supertokens.LogDebugMessage("refreshSession: Failed to parse access token")
 			return nil, err
 		}
 
diff --git a/recipe/session/sessionFunctions.go b/recipe/session/sessionFunctions.go
@@ -236,17 +236,20 @@ func refreshSessionHelper(config sessmodels.TypeNormalisedInput, querier superto
 
 	response, err := querier.SendPostRequest("/recipe/session/refresh", requestBody)
 	if err != nil {
+		supertokens.LogDebugMessage("refreshSessionHelper: Call to /recipe/session/refresh API failed")
 		return sessmodels.CreateOrRefreshAPIResponse{}, err
 	}
 	if response["status"] == "OK" {
 		delete(response, "status")
 		responseByte, err := json.Marshal(response)
 		if err != nil {
+			supertokens.LogDebugMessage("refreshSessionHelper: Could not parse response from /recipe/session/refresh API")
 			return sessmodels.CreateOrRefreshAPIResponse{}, err
 		}
 		var result sessmodels.CreateOrRefreshAPIResponse
 		err = json.Unmarshal(responseByte, &result)
 		if err != nil {
+			supertokens.LogDebugMessage("refreshSessionHelper: Could not decode response from /recipe/session/refresh API")
 			return sessmodels.CreateOrRefreshAPIResponse{}, err
 		}
 		return result, nil
@@ -379,18 +382,21 @@ func regenerateAccessTokenHelper(querier supertokens.Querier, newAccessTokenPayl
 		"userDataInJWT": newAccessTokenPayload,
 	})
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Call to /recipe/session/regenerate failed")
 		return nil, err
 	}
 	if response["status"].(string) == errors.UnauthorizedErrorStr {
 		return nil, nil
 	}
 	responseByte, err := json.Marshal(response)
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Failed to parse response from core")
 		return nil, err
 	}
 	var resp sessmodels.RegenerateAccessTokenResponse
 	err = json.Unmarshal(responseByte, &resp)
 	if err != nil {
+		supertokens.LogDebugMessage("regenerateAccessTokenHelper: Failed to decode response from core")
 		return nil, err
 	}
 	return &resp, nil

Original file line number	Diff line number	Diff line change
`@@ -178,41 +178,55 @@ func ValidateAccessTokenStructure(payload map[string]interface{}, version int) e`
`178`	`178`	`err := errors.New("Access token does not contain all the information. Maybe the structure has changed?")`
`179`	`179`
`180`	`180`	`if version >= 3 {`
	`181`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version >= 3")`
`181`	`182`	`if _, ok := payload["sessionHandle"].(string); !ok {`
	`183`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")`
`182`	`184`	`return err`
`183`	`185`	`}`
`184`	`186`	`if _, ok := payload["sub"].(string); !ok {`
	`187`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sub claim not found in JWT payload")`
`185`	`188`	`return err`
`186`	`189`	`}`
`187`	`190`	`if _, ok := payload["refreshTokenHash1"].(string); !ok {`
	`191`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")`
`188`	`192`	`return err`
`189`	`193`	`}`
`190`	`194`	`if _, ok := payload["exp"].(float64); !ok {`
	`195`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: exp claim not found in JWT payload")`
`191`	`196`	`return err`
`192`	`197`	`}`
`193`	`198`	`if _, ok := payload["iat"].(float64); !ok {`
	`199`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: iat claim not found in JWT payload")`
`194`	`200`	`return err`
`195`	`201`	`}`
`196`	`202`	`} else {`
	`203`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version < 3")`
`197`	`204`	`if _, ok := payload["sessionHandle"].(string); !ok {`
	`205`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")`
`198`	`206`	`return err`
`199`	`207`	`}`
`200`	`208`	`if _, ok := payload["userId"].(string); !ok {`
	`209`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userId not found in JWT payload")`
`201`	`210`	`return err`
`202`	`211`	`}`
`203`	`212`	`if _, ok := payload["refreshTokenHash1"].(string); !ok {`
	`213`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")`
`204`	`214`	`return err`
`205`	`215`	`}`
`206`	`216`	`if payload["userData"] == nil {`
	`217`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData not found in JWT payload")`
`207`	`218`	`return err`
`208`	`219`	`}`
`209`	`220`	`if _, ok := payload["userData"].(map[string]interface{}); !ok {`
	`221`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData is invalid in JWT payload")`
`210`	`222`	`return err`
`211`	`223`	`}`
`212`	`224`	`if _, ok := payload["expiryTime"].(float64); !ok {`
	`225`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: expiryTime not found in JWT payload")`
`213`	`226`	`return err`
`214`	`227`	`}`
`215`	`228`	`if _, ok := payload["timeCreated"].(float64); !ok {`
	`229`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: timeCreated not found in JWT payload")`
`216`	`230`	`return err`
`217`	`231`	`}`
`218`	`232`	`}`
Original file line number	Diff line number	Diff line change
`@@ -176,6 +176,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ`
`176`	`176`
`177`	`177`	`refreshSession := func(refreshToken string, antiCsrfToken *string, disableAntiCsrf bool, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {`
`178`	`178`	`if disableAntiCsrf != true && config.AntiCsrf == AntiCSRF_VIA_CUSTOM_HEADER {`
	`179`	`+ supertokens.LogDebugMessage("refreshSession: Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")`
`179`	`180`	`return nil, defaultErrors.New("Since the anti-csrf mode is VIA_CUSTOM_HEADER getSession can't check the CSRF token. Please either use VIA_TOKEN or set antiCsrfCheck to false")`
`180`	`181`	`}`
`181`	`182`
`@@ -189,6 +190,7 @@ func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.Typ`
`189`	`190`
`190`	`191`	`responseToken, parseErr := ParseJWTWithoutSignatureVerification(response.AccessToken.Token)`
`191`	`192`	`if parseErr != nil {`
	`193`	`+ supertokens.LogDebugMessage("refreshSession: Failed to parse access token")`
`192`	`194`	`return nil, err`
`193`	`195`	`}`
`194`	`196`