Login fully working (via HTMX and Cookies)

Moved code bits around for more Exported functions
Fixed JWT validation
Caleb Gardner
2024-11-11 13:25:38 -06:00
parent e183eefee8
commit 8eb031c64f
4 changed files with 21 additions and 18 deletions
+1 -1
@@ -48,7 +48,7 @@ func (b *Backend) ParseHeader(r *http.Request) (*ParsedHeader, error) {
if apiKey.Death > 0 && time.Unix(apiKey.Death, 0).Before(time.Now()) {
return nil, ErrApiKeyUnauthorized
}
out.Key = apiKey
out.Key = &apiKey
} else {
fmt.Println("origin:", r.Header.Get("origin"))
keys, err := b.keyTable.Find(r.Context(), map[string]any{"allowedOrigins": r.Header.Get("origin")})
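Review bot: The `else` branch of ParseHeader selects API keys by matching `allowedOrigins` against the request's `origin` header, which is only trustworthy when a browser sets it; any other client can send an arbitrary value. The rest of the function is outside the hunk, but if keys found this way grant the same access as a presented key, the match should be treated as a CORS-style restriction rather than authentication, and a comment such as `// Origin is client-supplied: this lookup identifies the site, it does not authenticate the caller` would make that explicit. A request with no Origin header reaches `Find` with `""` because nothing sits between the `else` and the lookup, so an `if origin == ""` rejection before the query is worth adding. The `fmt.Println("origin:", ...)` line looks like leftover debugging that writes a request header to stdout unquoted; drop it or log the value with `%q`.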
+4 -4
@@ -37,10 +37,10 @@ func (b *Backend) GenerateJWT(r *ReqestUser) (string, error) {
return "", errors.New("user management not enabled")
}
return jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.RegisteredClaims{
ID: r.ID,
Issuer: "darkstorm.tech",
IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(12 * time.Hour)),
Subject: r.ID,
}).SignedString(b.jwtPriv)
}
@@ -68,7 +68,7 @@ func (b *Backend) TryLogin(ctx context.Context, username, password string) (User
if err == ErrNotFound {
return User{}, ErrLoginIncorrect
}
if len(users) > 0 {
if len(users) > 1 {
log.Println("duplicate username detected, fix immediately:", username)
}
user := users[0]
@@ -106,7 +106,7 @@ func (b *Backend) VerifyUser(ctx context.Context, token string) (*User, error) {
return nil, err
}
usr, err := b.userTable.Get(ctx, sub)
if err == jwt.ErrInvalidKey {
if err == ErrNotFound {
return nil, ErrTokenUnauthorized
} else if err != nil {
return nil, err
@@ -120,7 +120,7 @@ func (b *Backend) VerifyUser(ctx context.Context, token string) (*User, error) {
if usr.PasswordChange > 0 && iss.Time.Before(time.Unix(usr.PasswordChange, 0)) {
return nil, ErrTokenUnauthorized
}
return usr, nil
return &usr, nil
}
func NewUser(username, password, email string) (User, error) {
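Review bot: In TryLogin the duplicate-username branch only logs and then continues with `users[0]`, so a login against an ambiguous username still proceeds against whichever record the store returns first; failing closed with `return User{}, ErrLoginIncorrect` after the log line would be safer. The log call writes the caller-supplied username unquoted, and `log.Printf("duplicate username detected, fix immediately: %q", username)` would keep control characters out of the log. If `Find` can return an empty slice with a nil error, `users[0]` will panic, so a `len(users) == 0` guard is worth adding unless the lines above the hunk already cover it. In VerifyUser the comparison `err == ErrNotFound` would stop matching if the table layer ever wraps its errors, which would turn an unknown subject into a generic error instead of `ErrTokenUnauthorized`; `errors.Is(err, ErrNotFound)` avoids that. Both functions start outside their hunks, so checks made earlier in them are not visible here.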