From e605e6437b382749777e1eeee165c54d4a98f98f Mon Sep 17 00:00:00 2001
From: Haelnorr
Date: Wed, 12 Feb 2025 11:39:21 +1100
Subject: [PATCH] Minor fix to theme rendering and token parsing
---
 jwt/parse.go | 58 ++++++++++++++++++++----------------
 middleware/authentication.go | 2 +-
 view/layout/global.templ | 28 ++++++++++-------
 3 files changed, 50 insertions(+), 38 deletions(-)
diff --git a/jwt/parse.go b/jwt/parse.go
index 4dd9b45..8a49127 100644
--- a/jwt/parse.go
+++ b/jwt/parse.go
@@ -19,48 +19,51 @@ func ParseAccessToken( config *config.Config, conn *sql.DB, tokenString string, -) (AccessToken, error) { +) (*AccessToken, error) { + if tokenString == "" { + return nil, errors.New("Access token string not provided") + } claims, err := parseToken(config.SecretKey, tokenString) if err != nil { - return AccessToken{}, errors.Wrap(err, "parseToken") + return nil, errors.Wrap(err, "parseToken") } expiry, err := checkTokenExpired(claims["exp"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "checkTokenExpired") + return nil, errors.Wrap(err, "checkTokenExpired") } issuer, err := checkTokenIssuer(config.TrustedHost, claims["iss"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "checkTokenIssuer") + return nil, errors.Wrap(err, "checkTokenIssuer") } ttl, err := getTokenTTL(claims["ttl"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getTokenTTL") + return nil, errors.Wrap(err, "getTokenTTL") } scope, err := getTokenScope(claims["scope"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getTokenScope") + return nil, errors.Wrap(err, "getTokenScope") } if scope != "access" { - return AccessToken{}, errors.New("Token is not an Access token") + return nil, errors.New("Token is not an Access token") } issuedAt, err := getIssuedTime(claims["iat"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getIssuedTime") + return nil, errors.Wrap(err, "getIssuedTime") } subject, err := getTokenSubject(claims["sub"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getTokenSubject") + return nil, errors.Wrap(err, "getTokenSubject") } fresh, err := getFreshTime(claims["fresh"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getFreshTime") + return nil, errors.Wrap(err, "getFreshTime") } jti, err := getTokenJTI(claims["jti"]) if err != nil { - return AccessToken{}, errors.Wrap(err, "getTokenJTI") + return nil, errors.Wrap(err, "getTokenJTI") } - token := AccessToken{ + token := &AccessToken{ ISS: 
issuer, TTL: ttl, EXP: expiry, @@ -73,7 +76,7 @@ func ParseAccessToken( valid, err := CheckTokenNotRevoked(conn, token) if err != nil || !valid { - return AccessToken{}, errors.Wrap(err, "CheckTokenNotRevoked") + return nil, errors.Wrap(err, "CheckTokenNotRevoked") } return token, nil } 
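Review bot: The new empty-string guard at the top of ParseAccessToken reports a missing token with an ad-hoc `errors.New("Access token string not provided")`, so a caller cannot tell "no token was sent" (an ordinary anonymous request) from "a token was sent and failed validation" (worth logging) without matching on message text. A package-level sentinel, e.g. `var ErrNoToken = errors.New("token string not provided")`, returned here and from the matching guard in the ParseRefreshToken hunk, would let the middleware branch on the case. Go convention also keeps error strings lowercase, because they end up embedded in wrapped messages. The function body continues past the end of this hunk.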
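Review bot: A revoked access token comes back as `nil, nil` from this branch: when CheckTokenNotRevoked reports `valid == false` with a nil error, `if err != nil || !valid` runs `errors.Wrap(err, "CheckTokenNotRevoked")` on a nil `err`, and if `errors` is github.com/pkg/errors (the import block is outside the hunk) Wrap returns nil for a nil error. The caller then receives no error together with a nil `*AccessToken`, so a check of `err` alone treats the revoked token as accepted and the first field access panics instead of producing a clean rejection. Split the branch the way ParseRefreshToken does in its last hunk: `if err != nil { return nil, errors.Wrap(err, "CheckTokenNotRevoked") }` followed by `if !valid { return nil, errors.New("Token has been revoked") }`. The ParseAccessToken call site is not part of this patch, so it is worth confirming that it never touches the token before checking the error.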
@@ -85,44 +88,47 @@ func ParseRefreshToken( config *config.Config, conn *sql.DB, tokenString string, -) (RefreshToken, error) { +) (*RefreshToken, error) { + if tokenString == "" { + return nil, errors.New("Refresh token string not provided") + } claims, err := parseToken(config.SecretKey, tokenString) if err != nil { - return RefreshToken{}, errors.Wrap(err, "parseToken") + return nil, errors.Wrap(err, "parseToken") } expiry, err := checkTokenExpired(claims["exp"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "checkTokenExpired") + return nil, errors.Wrap(err, "checkTokenExpired") } issuer, err := checkTokenIssuer(config.TrustedHost, claims["iss"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "checkTokenIssuer") + return nil, errors.Wrap(err, "checkTokenIssuer") } ttl, err := getTokenTTL(claims["ttl"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "getTokenTTL") + return nil, errors.Wrap(err, "getTokenTTL") } scope, err := getTokenScope(claims["scope"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "getTokenScope") + return nil, errors.Wrap(err, "getTokenScope") } if scope != "refresh" { - return RefreshToken{}, errors.New("Token is not an Refresh token") + return nil, errors.New("Token is not an Refresh token") } issuedAt, err := getIssuedTime(claims["iat"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "getIssuedTime") + return nil, errors.Wrap(err, "getIssuedTime") } subject, err := getTokenSubject(claims["sub"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "getTokenSubject") + return nil, errors.Wrap(err, "getTokenSubject") } jti, err := getTokenJTI(claims["jti"]) if err != nil { - return RefreshToken{}, errors.Wrap(err, "getTokenJTI") + return nil, errors.Wrap(err, "getTokenJTI") } - token := RefreshToken{ + token := &RefreshToken{ ISS: issuer, TTL: ttl, EXP: expiry, 
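Review bot: The claim checks in ParseRefreshToken repeat ParseAccessToken's sequence step for step (parseToken, exp, iss, ttl, scope, iat, sub, jti), and the two copies have already drifted apart at the revocation check that follows each of them. Moving the shared sequence into one unexported helper that returns the validated common claims would mean a fix to one token type cannot silently miss the other. Since this line is rewritten anyway, `"Token is not an Refresh token"` should read `"Token is not a Refresh token"`. The function body continues outside the hunk.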
@@ -134,10 +140,10 @@ func ParseRefreshToken( valid, err := CheckTokenNotRevoked(conn, token) if err != nil { - return RefreshToken{}, errors.Wrap(err, "CheckTokenNotRevoked") + return nil, errors.Wrap(err, "CheckTokenNotRevoked") } if !valid { - return RefreshToken{}, errors.New("Token has been revoked") + return nil, errors.New("Token has been revoked") } return token, nil } diff --git a/middleware/authentication.go b/middleware/authentication.go index c29852c..38cabbe 100644 --- a/middleware/authentication.go +++ b/middleware/authentication.go @@ -64,7 +64,7 @@ func getAuthenticatedUser( return nil, errors.Wrap(err, "jwt.ParseRefreshToken") } // Refresh token valid, attempt to get a new token pair - user, err := refreshAuthTokens(config, conn, w, r, &rT) + user, err := refreshAuthTokens(config, conn, w, r, rT) if err != nil { return nil, errors.Wrap(err, "refreshAuthTokens") } diff --git a/view/layout/global.templ b/view/layout/global.templ index e220972..25dd4e4 100644 --- a/view/layout/global.templ +++ b/view/layout/global.templ @@ -17,24 +17,30 @@ templ Global() { window.matchMedia('(prefers-color-scheme: dark)').matches)}" > + Project Reshoot + - - +
@nav.Navbar()