feat: add support for ECDSA and EdDSA keys (#359)

Co-authored-by: Elias Schneider <login@eliasschneider.com>

backend/internal/middleware/jwt_auth.go

@@ -19,7 +19,6 @@ func NewJwtAuthMiddleware(jwtService *service.JwtService) *JwtAuthMiddleware {
 
 func (m *JwtAuthMiddleware) Add(adminRequired bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
-
 		userID, isAdmin, err := m.Verify(c, adminRequired)
 		if err != nil {
 			c.Abort()
@@ -33,27 +32,37 @@ func (m *JwtAuthMiddleware) Add(adminRequired bool) gin.HandlerFunc {
 	}
 }
 
-func (m *JwtAuthMiddleware) Verify(c *gin.Context, adminRequired bool) (userID string, isAdmin bool, err error) {
+func (m *JwtAuthMiddleware) Verify(c *gin.Context, adminRequired bool) (subject string, isAdmin bool, err error) {
 	// Extract the token from the cookie
-	token, err := c.Cookie(cookie.AccessTokenCookieName)
+	accessToken, err := c.Cookie(cookie.AccessTokenCookieName)
 	if err != nil {
 		// Try to extract the token from the Authorization header if it's not in the cookie
-		authorizationHeaderSplit := strings.Split(c.GetHeader("Authorization"), " ")
-		if len(authorizationHeaderSplit) != 2 {
+		var ok bool
+		_, accessToken, ok = strings.Cut(c.GetHeader("Authorization"), " ")
+		if !ok || accessToken == "" {
 			return "", false, &common.NotSignedInError{}
 		}
-		token = authorizationHeaderSplit[1]
 	}
 
-	claims, err := m.jwtService.VerifyAccessToken(token)
+	token, err := m.jwtService.VerifyAccessToken(accessToken)
 	if err != nil {
 		return "", false, &common.NotSignedInError{}
 	}
 
+	subject, ok := token.Subject()
+	if !ok {
+		_ = c.Error(&common.TokenInvalidError{})
+		return
+	}
+
 	// Check if the user is an admin
-	if adminRequired && !claims.IsAdmin {
+	isAdmin, err = service.GetIsAdmin(token)
+	if err != nil {
+		return "", false, &common.TokenInvalidError{}
+	}
+	if adminRequired && !isAdmin {
 		return "", false, &common.MissingPermissionError{}
 	}
 
-	return claims.Subject, claims.IsAdmin, nil
+	return subject, isAdmin, nil
 }