Update the JWT signing algo when the signing key is changed in the config

router/tokens/parser.go

@@ -6,8 +6,6 @@ import (
 	"time"
 )
 
-var alg *jwt.HMACSHA
-
 type TokenData interface {
 	GetPayload() *jwt.Payload
 }
@@ -18,16 +16,12 @@ type TokenData interface {
 //
 // This simply returns a parsed token.
 func ParseToken(token []byte, data TokenData) error {
-	if alg == nil {
-		alg = jwt.NewHS256([]byte(config.Get().AuthenticationToken))
-	}
-
 	verifyOptions := jwt.ValidatePayload(
 		data.GetPayload(),
 		jwt.ExpirationTimeValidator(time.Now()),
 	)
 
-	_, err := jwt.Verify(token, alg, &data, verifyOptions)
+	_, err := jwt.Verify(token, config.GetJwtAlgorithm(), &data, verifyOptions)
 
 	return err
 }

router/tokens/token_store.go

@@ -7,8 +7,8 @@ import (
 )
 
 type TokenStore struct {
+	sync.Mutex
 	cache *cache.Cache
-	mutex *sync.Mutex
 }
 
 var _tokens *TokenStore
@@ -20,16 +20,16 @@ func getTokenStore() *TokenStore {
 	if _tokens == nil {
 		_tokens = &TokenStore{
 			cache: cache.New(time.Minute*60, time.Minute*5),
-			mutex: &sync.Mutex{},
 		}
 	}
 
 	return _tokens
 }
 
+// Checks if a token is valid or not.
 func (t *TokenStore) IsValidToken(token string) bool {
-	t.mutex.Lock()
-	defer t.mutex.Unlock()
+	t.Lock()
+	defer t.Unlock()
 
 	_, exists := t.cache.Get(token)