Merge pull request #285 from supertokens/logging/enhance-debug-logs

rishabhpoddar · web-flow · commit 714d2e02297e · 2023-05-22T16:43:04.000+05:30
chore: Add additional debug logs for session functions
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.12.3] - 2023-05-22
+
+### Added
+
+-   Adds additional debug logs whenever the SDK returns a `TryRefreshTokenError` or `UnauthorizedError` to make debugging easier
+
 ## [0.12.2] - 2023-05-19
 
 -   Adds additional tests for the session recipe
diff --git a/recipe/emailverification/api/implementation.go b/recipe/emailverification/api/implementation.go
@@ -38,6 +38,7 @@ func MakeAPIImplementation() evmodels.APIInterface {
 				err := sessionContainer.FetchAndSetClaimWithContext(evclaims.EmailVerificationClaim, userContext)
 				if err != nil {
 					if err.Error() == "UNKNOWN_USER_ID" {
+						supertokens.LogDebugMessage("verifyEmailPOST: Returning UnauthorizedError because the User Id provided is unknown")
 						return evmodels.VerifyEmailPOSTResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}
 					}
 					return evmodels.VerifyEmailPOSTResponse{}, err
@@ -61,6 +62,7 @@ func MakeAPIImplementation() evmodels.APIInterface {
 		err := sessionContainer.FetchAndSetClaimWithContext(evclaims.EmailVerificationClaim, userContext)
 		if err != nil {
 			if err.Error() == "UNKNOWN_USER_ID" {
+				supertokens.LogDebugMessage("isEmailVerifiedGET: Returning UnauthorizedError because the User Id provided is unknown")
 				return evmodels.IsEmailVerifiedGETResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}
 			}
 			return evmodels.IsEmailVerifiedGETResponse{}, err
@@ -88,6 +90,7 @@ func MakeAPIImplementation() evmodels.APIInterface {
 			return evmodels.GenerateEmailVerifyTokenPOSTResponse{}, err
 		}
 		if email.UnknownUserIDError != nil {
+			supertokens.LogDebugMessage("generateEmailVerifyTokenPOST: Returning UnauthorizedError because the User Id provided is unknown")
 			return evmodels.GenerateEmailVerifyTokenPOSTResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}
 		}
 		if email.EmailDoesNotExistError != nil {
diff --git a/recipe/session/accessToken.go b/recipe/session/accessToken.go
@@ -17,10 +17,12 @@ package session
 
 import (
 	"errors"
+	"fmt"
 	"github.com/MicahParks/keyfunc"
 	"github.com/golang-jwt/jwt/v4"
 	sterrors "github.com/supertokens/supertokens-golang/recipe/session/errors"
 	"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
+	"github.com/supertokens/supertokens-golang/supertokens"
 	"strings"
 )
 
@@ -41,6 +43,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 	if jwtInfo.Version >= 3 {
 		parsedToken, parseError := jwt.Parse(jwtInfo.RawTokenString, jwks.Keyfunc)
 		if parseError != nil {
+			supertokens.LogDebugMessage(fmt.Sprintf("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token parsing failed - %s", parseError))
 			return nil, sterrors.TryRefreshTokenError{
 				Msg: parseError.Error(),
 			}
@@ -49,6 +52,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 		if parsedToken.Valid {
 			claims, ok := parsedToken.Claims.(jwt.MapClaims)
 			if !ok {
+				supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token claims are invalid")
 				return nil, sterrors.TryRefreshTokenError{
 					Msg: "Invalid JWT claims",
 				}
@@ -81,6 +85,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 			}
 
 			if parseErr != nil {
+				supertokens.LogDebugMessage(fmt.Sprintf("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token parsing failed - %s", parseErr))
 				return nil, sterrors.TryRefreshTokenError{
 					Msg: parseErr.Error(),
 				}
@@ -89,6 +94,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 			if parsedToken.Valid {
 				claims, ok := parsedToken.Claims.(jwt.MapClaims)
 				if !ok {
+					supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token claims are invalid")
 					return nil, sterrors.TryRefreshTokenError{
 						Msg: "Invalid JWT claims",
 					}
@@ -107,13 +113,15 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 	}
 
 	if payload == nil {
+		supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token JWT has no payload")
 		return nil, sterrors.TryRefreshTokenError{
 			Msg: "Invalid JWT",
 		}
 	}
 
 	err := ValidateAccessTokenStructure(payload, jwtInfo.Version)
 	if err != nil {
+		supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because ValidateAccessTokenStructure returned an error")
 		return nil, sterrors.TryRefreshTokenError{
 			Msg: err.Error(),
 		}
@@ -142,12 +150,14 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,
 	antiCsrfToken := sanitizeStringInput(payload["antiCsrfToken"])
 
 	if antiCsrfToken == nil && doAntiCsrfCheck {
+		supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access does not contain the anti-csrf token.")
 		return nil, sterrors.TryRefreshTokenError{
 			Msg: "Access token does not contain the anti-csrf token.",
 		}
 	}
 
 	if expiryTime < GetCurrTimeInMS() {
+		supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access is expired")
 		return nil, sterrors.TryRefreshTokenError{
 			Msg: "Access token expired",
 		}
@@ -169,41 +179,55 @@ func ValidateAccessTokenStructure(payload map[string]interface{}, version int) e
 	err := errors.New("Access token does not contain all the information. Maybe the structure has changed?")
 
 	if version >= 3 {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version >= 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["sub"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sub claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["exp"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: exp claim not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["iat"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: iat claim not found in JWT payload")
 			return err
 		}
 	} else {
+		supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version < 3")
 		if _, ok := payload["sessionHandle"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userId"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userId not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["refreshTokenHash1"].(string); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")
 			return err
 		}
 		if payload["userData"] == nil {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["userData"].(map[string]interface{}); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData is invalid in JWT payload")
 			return err
 		}
 		if _, ok := payload["expiryTime"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: expiryTime not found in JWT payload")
 			return err
 		}
 		if _, ok := payload["timeCreated"].(float64); !ok {
+			supertokens.LogDebugMessage("ValidateAccessTokenStructure: timeCreated not found in JWT payload")
 			return err
 		}
 	}
diff --git a/recipe/session/session.go b/recipe/session/session.go
@@ -16,6 +16,7 @@
 package session
 
 import (
+	"fmt"
 	"reflect"
 
 	"github.com/supertokens/supertokens-golang/recipe/session/claims"
@@ -90,6 +91,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			return nil, err
 		}
 		if sessionInformation == nil {
+			supertokens.LogDebugMessage("GetSessionDataInDatabaseWithContext: Returning UnauthorizedError because session does not exist anymore")
 			return nil, errors.UnauthorizedError{Msg: "session does not exist anymore"}
 		}
 		return sessionInformation.SessionDataInDatabase, nil
@@ -101,6 +103,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			return err
 		}
 		if !updated {
+			supertokens.LogDebugMessage("UpdateSessionDataInDatabaseWithContext: Returning UnauthorizedError because session does not exist anymore")
 			return errors.UnauthorizedError{Msg: "session does not exist anymore"}
 		}
 		return nil
@@ -112,6 +115,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			return 0, err
 		}
 		if sessionInformation == nil {
+			supertokens.LogDebugMessage("GetTimeCreatedWithContext: Returning UnauthorizedError because session does not exist anymore")
 			return 0, errors.UnauthorizedError{Msg: "session does not exist anymore"}
 		}
 		return sessionInformation.TimeCreated, nil
@@ -123,6 +127,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 			return 0, err
 		}
 		if sessionInformation == nil {
+			supertokens.LogDebugMessage("GetExpiryWithContext: Returning UnauthorizedError because session does not exist anymore")
 			return 0, errors.UnauthorizedError{Msg: "session does not exist anymore"}
 		}
 		return sessionInformation.Expiry, nil
@@ -160,6 +165,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session
 		response, err := regenerateAccessTokenHelper(*querier, &accessTokenPayload, sessionContainer.GetAccessToken())
 
 		if err != nil {
+			supertokens.LogDebugMessage(fmt.Sprintf("MergeIntoAccessTokenPayloadWithContext: Returning UnauthorizedError because we could not regenerate the session - %s", err))
 			return errors.UnauthorizedError{
 				Msg: errors.UnauthorizedErrorStr,
 			}
diff --git a/recipe/session/sessionFunctions.go b/recipe/session/sessionFunctions.go
@@ -18,6 +18,7 @@ package session
 import (
 	"encoding/json"
 	defaultErrors "errors"
+	"fmt"
 	"strings"
 
 	"github.com/supertokens/supertokens-golang/recipe/session/errors"
@@ -63,6 +64,7 @@ func getSessionHelper(config sessmodels.TypeNormalisedInput, querier supertokens
 	var err error = nil
 	combinedJwks, jwksError := sessmodels.GetCombinedJWKS()
 	if jwksError != nil {
+		supertokens.LogDebugMessage(fmt.Sprintf("getSessionHelper: Returning TryRefreshTokenError because there was an error fetching JWKs - %s", jwksError))
 		if !defaultErrors.As(jwksError, &errors.TryRefreshTokenError{}) {
 			return sessmodels.GetSessionResponse{}, jwksError
 		}
@@ -71,6 +73,7 @@ func getSessionHelper(config sessmodels.TypeNormalisedInput, querier supertokens
 	accessTokenInfo, err = GetInfoFromAccessToken(parsedAccessToken, *combinedJwks, config.AntiCsrf == AntiCSRF_VIA_TOKEN && doAntiCsrfCheck)
 	if err != nil {
 		if !defaultErrors.As(err, &errors.TryRefreshTokenError{}) {
+			supertokens.LogDebugMessage("getSessionHelper: Returning TryRefreshTokenError because GetInfoFromAccessToken returned an error")
 			return sessmodels.GetSessionResponse{}, err
 		}
 
diff --git a/recipe/session/sessionRequestFunctions.go b/recipe/session/sessionRequestFunctions.go
@@ -117,6 +117,7 @@ func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, confi
 func GetSessionFromRequest(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, options *sessmodels.VerifySessionOptions, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
 	idRefreshToken := GetCookieValue(req, legacyIdRefreshTokenCookieName)
 	if idRefreshToken != nil {
+		supertokens.LogDebugMessage("GetSessionFromRequest: Returning TryRefreshTokenError because the request is using a legacy session and should be refreshed")
 		return nil, errors.TryRefreshTokenError{
 			Msg: "using legacy session, please call the refresh API",
 		}
@@ -350,6 +351,10 @@ func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, config
 			}
 		}
 
+		if isUnauthorisedErr {
+			supertokens.LogDebugMessage("RefreshSessionInRequest: Returning UnauthorizedError because RefreshSession returned an error")
+		}
+
 		return nil, err
 	}
 
diff --git a/supertokens/constants.go b/supertokens/constants.go
@@ -21,7 +21,7 @@ const (
 )
 
 // VERSION current version of the lib
-const VERSION = "0.12.2"
+const VERSION = "0.12.3"
 
 var (
 	cdiSupported = []string{"2.21"}

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ func MakeAPIImplementation() evmodels.APIInterface {`
`38`	`38`	`err := sessionContainer.FetchAndSetClaimWithContext(evclaims.EmailVerificationClaim, userContext)`
`39`	`39`	`if err != nil {`
`40`	`40`	`if err.Error() == "UNKNOWN_USER_ID" {`
	`41`	`+ supertokens.LogDebugMessage("verifyEmailPOST: Returning UnauthorizedError because the User Id provided is unknown")`
`41`	`42`	`return evmodels.VerifyEmailPOSTResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}`
`42`	`43`	`}`
`43`	`44`	`return evmodels.VerifyEmailPOSTResponse{}, err`
`@@ -61,6 +62,7 @@ func MakeAPIImplementation() evmodels.APIInterface {`
`61`	`62`	`err := sessionContainer.FetchAndSetClaimWithContext(evclaims.EmailVerificationClaim, userContext)`
`62`	`63`	`if err != nil {`
`63`	`64`	`if err.Error() == "UNKNOWN_USER_ID" {`
	`65`	`+ supertokens.LogDebugMessage("isEmailVerifiedGET: Returning UnauthorizedError because the User Id provided is unknown")`
`64`	`66`	`return evmodels.IsEmailVerifiedGETResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}`
`65`	`67`	`}`
`66`	`68`	`return evmodels.IsEmailVerifiedGETResponse{}, err`
`@@ -88,6 +90,7 @@ func MakeAPIImplementation() evmodels.APIInterface {`
`88`	`90`	`return evmodels.GenerateEmailVerifyTokenPOSTResponse{}, err`
`89`	`91`	`}`
`90`	`92`	`if email.UnknownUserIDError != nil {`
	`93`	`+ supertokens.LogDebugMessage("generateEmailVerifyTokenPOST: Returning UnauthorizedError because the User Id provided is unknown")`
`91`	`94`	`return evmodels.GenerateEmailVerifyTokenPOSTResponse{}, sessErrors.UnauthorizedError{Msg: "Unknown User ID provided"}`
`92`	`95`	`}`
`93`	`96`	`if email.EmailDoesNotExistError != nil {`
Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,12 @@ package session`
`17`	`17`
`18`	`18`	`import (`
`19`	`19`	`"errors"`
	`20`	`+ "fmt"`
`20`	`21`	`"github.com/MicahParks/keyfunc"`
`21`	`22`	`"github.com/golang-jwt/jwt/v4"`
`22`	`23`	`sterrors "github.com/supertokens/supertokens-golang/recipe/session/errors"`
`23`	`24`	`"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"`
	`25`	`+ "github.com/supertokens/supertokens-golang/supertokens"`
`24`	`26`	`"strings"`
`25`	`27`	`)`
`26`	`28`
`@@ -41,6 +43,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`41`	`43`	`if jwtInfo.Version >= 3 {`
`42`	`44`	`parsedToken, parseError := jwt.Parse(jwtInfo.RawTokenString, jwks.Keyfunc)`
`43`	`45`	`if parseError != nil {`
	`46`	`+ supertokens.LogDebugMessage(fmt.Sprintf("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token parsing failed - %s", parseError))`
`44`	`47`	`return nil, sterrors.TryRefreshTokenError{`
`45`	`48`	`Msg: parseError.Error(),`
`46`	`49`	`}`
`@@ -49,6 +52,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`49`	`52`	`if parsedToken.Valid {`
`50`	`53`	`claims, ok := parsedToken.Claims.(jwt.MapClaims)`
`51`	`54`	`if !ok {`
	`55`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token claims are invalid")`
`52`	`56`	`return nil, sterrors.TryRefreshTokenError{`
`53`	`57`	`Msg: "Invalid JWT claims",`
`54`	`58`	`}`
`@@ -81,6 +85,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`81`	`85`	`}`
`82`	`86`
`83`	`87`	`if parseErr != nil {`
	`88`	`+ supertokens.LogDebugMessage(fmt.Sprintf("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token parsing failed - %s", parseErr))`
`84`	`89`	`return nil, sterrors.TryRefreshTokenError{`
`85`	`90`	`Msg: parseErr.Error(),`
`86`	`91`	`}`
`@@ -89,6 +94,7 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`89`	`94`	`if parsedToken.Valid {`
`90`	`95`	`claims, ok := parsedToken.Claims.(jwt.MapClaims)`
`91`	`96`	`if !ok {`
	`97`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token claims are invalid")`
`92`	`98`	`return nil, sterrors.TryRefreshTokenError{`
`93`	`99`	`Msg: "Invalid JWT claims",`
`94`	`100`	`}`
`@@ -107,13 +113,15 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`107`	`113`	`}`
`108`	`114`
`109`	`115`	`if payload == nil {`
	`116`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access token JWT has no payload")`
`110`	`117`	`return nil, sterrors.TryRefreshTokenError{`
`111`	`118`	`Msg: "Invalid JWT",`
`112`	`119`	`}`
`113`	`120`	`}`
`114`	`121`
`115`	`122`	`err := ValidateAccessTokenStructure(payload, jwtInfo.Version)`
`116`	`123`	`if err != nil {`
	`124`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because ValidateAccessTokenStructure returned an error")`
`117`	`125`	`return nil, sterrors.TryRefreshTokenError{`
`118`	`126`	`Msg: err.Error(),`
`119`	`127`	`}`
`@@ -142,12 +150,14 @@ func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks keyfunc.JWKS,`
`142`	`150`	`antiCsrfToken := sanitizeStringInput(payload["antiCsrfToken"])`
`143`	`151`
`144`	`152`	`if antiCsrfToken == nil && doAntiCsrfCheck {`
	`153`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access does not contain the anti-csrf token.")`
`145`	`154`	`return nil, sterrors.TryRefreshTokenError{`
`146`	`155`	`Msg: "Access token does not contain the anti-csrf token.",`
`147`	`156`	`}`
`148`	`157`	`}`
`149`	`158`
`150`	`159`	`if expiryTime < GetCurrTimeInMS() {`
	`160`	`+ supertokens.LogDebugMessage("GetInfoFromAccessToken: Returning TryRefreshTokenError because access is expired")`
`151`	`161`	`return nil, sterrors.TryRefreshTokenError{`
`152`	`162`	`Msg: "Access token expired",`
`153`	`163`	`}`
`@@ -169,41 +179,55 @@ func ValidateAccessTokenStructure(payload map[string]interface{}, version int) e`
`169`	`179`	`err := errors.New("Access token does not contain all the information. Maybe the structure has changed?")`
`170`	`180`
`171`	`181`	`if version >= 3 {`
	`182`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version >= 3")`
`172`	`183`	`if _, ok := payload["sessionHandle"].(string); !ok {`
	`184`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")`
`173`	`185`	`return err`
`174`	`186`	`}`
`175`	`187`	`if _, ok := payload["sub"].(string); !ok {`
	`188`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sub claim not found in JWT payload")`
`176`	`189`	`return err`
`177`	`190`	`}`
`178`	`191`	`if _, ok := payload["refreshTokenHash1"].(string); !ok {`
	`192`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")`
`179`	`193`	`return err`
`180`	`194`	`}`
`181`	`195`	`if _, ok := payload["exp"].(float64); !ok {`
	`196`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: exp claim not found in JWT payload")`
`182`	`197`	`return err`
`183`	`198`	`}`
`184`	`199`	`if _, ok := payload["iat"].(float64); !ok {`
	`200`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: iat claim not found in JWT payload")`
`185`	`201`	`return err`
`186`	`202`	`}`
`187`	`203`	`} else {`
	`204`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: Access token is using version < 3")`
`188`	`205`	`if _, ok := payload["sessionHandle"].(string); !ok {`
	`206`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: sessionHandle not found in JWT payload")`
`189`	`207`	`return err`
`190`	`208`	`}`
`191`	`209`	`if _, ok := payload["userId"].(string); !ok {`
	`210`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userId not found in JWT payload")`
`192`	`211`	`return err`
`193`	`212`	`}`
`194`	`213`	`if _, ok := payload["refreshTokenHash1"].(string); !ok {`
	`214`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: refreshTokenHash1 not found in JWT payload")`
`195`	`215`	`return err`
`196`	`216`	`}`
`197`	`217`	`if payload["userData"] == nil {`
	`218`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData not found in JWT payload")`
`198`	`219`	`return err`
`199`	`220`	`}`
`200`	`221`	`if _, ok := payload["userData"].(map[string]interface{}); !ok {`
	`222`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: userData is invalid in JWT payload")`
`201`	`223`	`return err`
`202`	`224`	`}`
`203`	`225`	`if _, ok := payload["expiryTime"].(float64); !ok {`
	`226`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: expiryTime not found in JWT payload")`
`204`	`227`	`return err`
`205`	`228`	`}`
`206`	`229`	`if _, ok := payload["timeCreated"].(float64); !ok {`
	`230`	`+ supertokens.LogDebugMessage("ValidateAccessTokenStructure: timeCreated not found in JWT payload")`
`207`	`231`	`return err`
`208`	`232`	`}`
`209`	`233`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`	`package session`
`17`	`17`
`18`	`18`	`import (`
	`19`	`+ "fmt"`
`19`	`20`	`"reflect"`
`20`	`21`
`21`	`22`	`"github.com/supertokens/supertokens-golang/recipe/session/claims"`
`@@ -90,6 +91,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session`
`90`	`91`	`return nil, err`
`91`	`92`	`}`
`92`	`93`	`if sessionInformation == nil {`
	`94`	`+ supertokens.LogDebugMessage("GetSessionDataInDatabaseWithContext: Returning UnauthorizedError because session does not exist anymore")`
`93`	`95`	`return nil, errors.UnauthorizedError{Msg: "session does not exist anymore"}`
`94`	`96`	`}`
`95`	`97`	`return sessionInformation.SessionDataInDatabase, nil`
`@@ -101,6 +103,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session`
`101`	`103`	`return err`
`102`	`104`	`}`
`103`	`105`	`if !updated {`
	`106`	`+ supertokens.LogDebugMessage("UpdateSessionDataInDatabaseWithContext: Returning UnauthorizedError because session does not exist anymore")`
`104`	`107`	`return errors.UnauthorizedError{Msg: "session does not exist anymore"}`
`105`	`108`	`}`
`106`	`109`	`return nil`
`@@ -112,6 +115,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session`
`112`	`115`	`return 0, err`
`113`	`116`	`}`
`114`	`117`	`if sessionInformation == nil {`
	`118`	`+ supertokens.LogDebugMessage("GetTimeCreatedWithContext: Returning UnauthorizedError because session does not exist anymore")`
`115`	`119`	`return 0, errors.UnauthorizedError{Msg: "session does not exist anymore"}`
`116`	`120`	`}`
`117`	`121`	`return sessionInformation.TimeCreated, nil`
`@@ -123,6 +127,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session`
`123`	`127`	`return 0, err`
`124`	`128`	`}`
`125`	`129`	`if sessionInformation == nil {`
	`130`	`+ supertokens.LogDebugMessage("GetExpiryWithContext: Returning UnauthorizedError because session does not exist anymore")`
`126`	`131`	`return 0, errors.UnauthorizedError{Msg: "session does not exist anymore"}`
`127`	`132`	`}`
`128`	`133`	`return sessionInformation.Expiry, nil`
`@@ -160,6 +165,7 @@ func newSessionContainer(config sessmodels.TypeNormalisedInput, session *Session`
`160`	`165`	`response, err := regenerateAccessTokenHelper(*querier, &accessTokenPayload, sessionContainer.GetAccessToken())`
`161`	`166`
`162`	`167`	`if err != nil {`
	`168`	`+ supertokens.LogDebugMessage(fmt.Sprintf("MergeIntoAccessTokenPayloadWithContext: Returning UnauthorizedError because we could not regenerate the session - %s", err))`
`163`	`169`	`return errors.UnauthorizedError{`
`164`	`170`	`Msg: errors.UnauthorizedErrorStr,`
`165`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,7 @@ func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, confi`
`117`	`117`	`func GetSessionFromRequest(req http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, options sessmodels.VerifySessionOptions, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {`
`118`	`118`	`idRefreshToken := GetCookieValue(req, legacyIdRefreshTokenCookieName)`
`119`	`119`	`if idRefreshToken != nil {`
	`120`	`+ supertokens.LogDebugMessage("GetSessionFromRequest: Returning TryRefreshTokenError because the request is using a legacy session and should be refreshed")`
`120`	`121`	`return nil, errors.TryRefreshTokenError{`
`121`	`122`	`Msg: "using legacy session, please call the refresh API",`
`122`	`123`	`}`
`@@ -350,6 +351,10 @@ func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, config`
`350`	`351`	`}`
`351`	`352`	`}`
`352`	`353`
	`354`	`+ if isUnauthorisedErr {`
	`355`	`+ supertokens.LogDebugMessage("RefreshSessionInRequest: Returning UnauthorizedError because RefreshSession returned an error")`
	`356`	`+ }`
	`357`	`+`
`353`	`358`	`return nil, err`
`354`	`359`	`}`
`355`	`360`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ const (`
`21`	`21`	`)`
`22`	`22`
`23`	`23`	`// VERSION current version of the lib`
`24`		`-const VERSION = "0.12.2"`
	`24`	`+const VERSION = "0.12.3"`
`25`	`25`
`26`	`26`	`var (`
`27`	`27`	`cdiSupported = []string{"2.21"}`