README.md
							@ -342,3 +342,19 @@ front-end for now and concentrate on my backend Go app.
 | 
				
			|||||||
For now, I will just test my backend with `curl`.
 | 
					For now, I will just test my backend with `curl`.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
And today's job is to get the login part done!
 | 
					And today's job is to get the login part done!
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					### 2024/10/13
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					Finally it took more than just one night for me to figure out the JWT.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					The JWT token is simple because it doesn't need to be stored to and fetched
 | 
				
			||||||
 | 
					from a database. But there is no way to revoke it instead of waiting for the
 | 
				
			||||||
 | 
					expiry date.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					To do so, we still have to use a database. We can store a logged out user's
 | 
				
			||||||
 | 
					jti into Redis, and each time we log in, look up the cache to find if the
 | 
				
			||||||
 | 
					user is logged out. And set the cache's timeout to the expiry time of the
 | 
				
			||||||
 | 
					token, so that it is removed automatically.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					It'd better to inject the dependency of Redis connection into the `Authn`
 | 
				
			||||||
 | 
					middleware so that it's simpler to test.
 | 
				
			||||||
 | 
				
			|||||||
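Review bot: In the added paragraph on the Redis lookup, "each time we log in, look up the cache to find if the user is logged out" puts the check at the wrong point. A token that has been logged out is presented again on ordinary authenticated requests, not at login, so the jti lookup needs to run on every request that passes through the `Authn` middleware mentioned in the last added paragraph. Suggest wording along the lines of "on each authenticated request, look up the token's jti in the cache and reject the request if it is present". Two related points in the same paragraph: "set the cache's timeout to the expiry time of the token" should say the remaining lifetime of the token (its expiry minus the current time), since a cache timeout is a duration rather than a timestamp; and "a logged out user's jti" would be clearer as "a logged out token's jti", because the jti identifies one token and a user may hold several. Wording nits in the added lines: "no way to revoke it instead of waiting" reads better as "other than waiting", and "It'd better to inject" is missing "be".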