From c26b18c8b746f1a93bc15cd3907627feef2c93cd Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo
Date: Wed, 24 Jul 2024 14:45:13 +0100
Subject: [PATCH] Verify provided token on every request.
---
 main.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index d463d48..4d9d032 100644
--- a/main.go
+++ b/main.go
@@ -137,7 +137,18 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 authenticated, _ := session.Values["authenticated"].(bool)
 if authenticated {
- // infoLogger.Printf("User is authenticated, proceeding to next handler")
+ idToken, ok := session.Values["id_token"].(string)
+ if !ok || idToken == "" {
+ http.Error(rw, "Invalid session", http.StatusUnauthorized)
+ return
+ }
+
+ if err := t.verifyToken(idToken); err != nil {
+ http.Error(rw, "Invalid token", http.StatusUnauthorized)
+ return
+ }
+
+ // Proceed with the request
 t.next.ServeHTTP(rw, req)
 return
 }
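Review bot: Both new 401 branches return without touching the session, so a cookie whose `id_token` has expired or fails verification still carries `authenticated == true`, and as far as this hunk shows every later request will get the same `Invalid token` response with no route back to the login flow. Consider resetting the flag with `session.Values["authenticated"] = false` (and dropping `id_token`) and persisting the session before returning, or falling through to the re-authentication path; the rest of ServeHTTP is outside the hunk, so confirm how it handles an unauthenticated session. The `err` from `t.verifyToken` is also discarded, so logging it server-side, while keeping the client message generic as it is now, would let expiry be told apart from signature or issuer failures during triage.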