m
Hi, I am trying to integrate Supertokens with echo-labstack. I followed this example https://github.com/supertokens/supertokens-golang/blob/master/examples/with-labstack-echo/main.go. Echo advocates to return errors from your Handlers, which will then be handled by their HTTP Error Handler (which you can customize). This works fine until I introduce the session.VerifySession in my middleware, as per the example (wrap it to turn it into an echo.MiddlewareFunc). As soon as I use this middleware on my routes, they always return 200 (empty body), no matter how many errors I return from my handlers. As soon as I remove the session.VerifySession echo'fied middleware, I get the actual errors. It seems as if the session.VerifySession middleware is swallowing the echo error and just returning a 200 instead. Anybody any idea what could be causing this?
r
hey @mvilrokx
@sattvikc can help here when he has time
@sattvikc may take some time / a few days to reply. However, in the meantime, you can replace our verifySession function with a simple JWT verification library: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/jwt-verification
m
Like so?
func CustomVerifySession(options *sessmodels.VerifySessionOptions) echo.MiddlewareFunc {
    return func(next echo.HandlerFunc) echo.HandlerFunc {
        return func(c echo.Context) error {
            sessionContainer, err := session.GetSession(c.Request(), c.Response(), options)
            if err != nil {
                if defaultErrors.As(err, &errors.TryRefreshTokenError{}) {
                    // This means that the session exists, but the access token
                    // has expired.
                    return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
                } else if defaultErrors.As(err, &errors.UnauthorizedError{}) {
                    // This means that the session does not exist anymore.
                    return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
                } else if defaultErrors.As(err, &errors.InvalidClaimError{}) {
                    // The user is missing some required claim.
                    // You can pass the missing claims to the frontend and handle it there. Send a 403 to the frontend.
                    return echo.NewHTTPError(http.StatusForbidden, err.Error())
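                }
                // Any other error: fail closed and let Echo's error handler deal with it,
                // instead of falling through to next(c) without a session.
                return err
            }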

            if sessionContainer != nil {
                c.Set("session", sessionContainer)
            }

            return next(c)
        }
    }
}
Basically copied from https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#building-your-own-custom-middleware and adapted for Echo
r
Yes
hey @mvilrokx, we have updated the example with a fix.
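An added example, not part of the thread and not SuperTokens or Echo code: a standard-library model of the symptom in the question, where an error-returning handler is wrapped by a net/http-style middleware. `HandlerFunc`, `verify`, `lossyAdapt`, `adapt` and `serve` are hypothetical stand-ins, and that the original example lost the error this way is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// HandlerFunc stands in for echo.HandlerFunc: failure is reported by returning an error.
type HandlerFunc func(w http.ResponseWriter, r *http.Request) error

// verify stands in for a net/http-style check (assumed shape): no channel for a returned error.
func verify(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) { next(w, r) }
}

// lossyAdapt drops the wrapped handler's error and always returns nil.
func lossyAdapt(h HandlerFunc) HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) error {
		verify(func(w http.ResponseWriter, r *http.Request) { h(w, r) })(w, r)
		return nil
	}
}

// adapt captures the handler's error in the closure and hands it back to the framework.
func adapt(h HandlerFunc) HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) error {
		var err error
		verify(func(w http.ResponseWriter, r *http.Request) { err = h(w, r) })(w, r)
		return err
	}
}

// serve mimics a framework error handler: a returned error becomes a 500 response.
func serve(h HandlerFunc) int {
	rec := httptest.NewRecorder()
	if err := h(rec, httptest.NewRequest(http.MethodGet, "/", nil)); err != nil {
		http.Error(rec, err.Error(), http.StatusInternalServerError)
	}
	return rec.Code
}

// failing is a constructed handler that always returns an error.
func failing(w http.ResponseWriter, r *http.Request) error { return errors.New("boom") }

func main() {
	fmt.Println(serve(lossyAdapt(failing)), serve(adapt(failing)))
}
```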