initial working version

internal/token/jwt.go

@@ -0,0 +1,46 @@
+package token
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+)
+
+// DecodePayload decodes the payload (claims) of a JWT without verifying the signature.
+func DecodePayload(tokenStr string) (map[string]interface{}, error) {
+	parts := strings.Split(tokenStr, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("invalid JWT: expected 3 parts, got %d", len(parts))
+	}
+
+	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return nil, fmt.Errorf("decoding JWT payload: %w", err)
+	}
+
+	var claims map[string]interface{}
+	if err := json.Unmarshal(payload, &claims); err != nil {
+		return nil, fmt.Errorf("unmarshaling JWT payload: %w", err)
+	}
+
+	return claims, nil
+}
+
+// ExpiryInfo extracts the expiry time and remaining duration from JWT claims.
+func ExpiryInfo(claims map[string]interface{}) (exp time.Time, remaining time.Duration) {
+	expVal, ok := claims["exp"]
+	if !ok {
+		return time.Time{}, 0
+	}
+
+	expFloat, ok := expVal.(float64)
+	if !ok {
+		return time.Time{}, 0
+	}
+
+	exp = time.Unix(int64(expFloat), 0)
+	remaining = time.Until(exp)
+	return exp, remaining
+}