Bugfix

- Role is now again listed in jwt when retrieving new access token (closes #3)
2026-03-03 15:45:53 +01:00
parent ef7ef3cf74
commit 0afd5bfc3a
2 changed files with 7 additions and 3 deletions
--- a/handlers/account.go
+++ b/handlers/account.go
@@ -200,7 +200,13 @@ func RefreshToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	accessToken, _ := auth.GenerateJWT(tokenRow.UserID, "", []byte(os.Getenv("SHAP_JWT_SECRET")))
+	user, err := storage.GetUserById(tokenRow.UserID)
+	if err != nil {
+		log.Println("POST [api/refresh] " + r.RemoteAddr + ": " + err.Error())
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+	accessToken, _ := auth.GenerateJWT(tokenRow.UserID, user.Role, []byte(os.Getenv("SHAP_JWT_SECRET")))

 	if err = json.NewEncoder(w).Encode(map[string]string{
 		"access_token":  accessToken,
--- a/server/server.go
+++ b/server/server.go
@@ -17,8 +17,6 @@ type Server struct {
 	PrivateKeyPath  string
 }

-var cfg, _ = config.LoadConfig()
-
 func InitServer() *Server {

 	err := config.CheckIfExists()