func loginWithAuthTimeCheckHandler()

in snippets/auth.go [657:695]


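// loginWithAuthTimeCheckHandler returns an HTTP handler that exchanges an ID
// token for a session cookie, but only when the token shows a recent sign-in.
//
// The handler reads the ID token from the request body, verifies it with
// client.VerifyIDToken, rejects tokens whose auth_time claim is missing,
// malformed, or more than 5 minutes old, and otherwise sets a 5-day "session"
// cookie created by client.SessionCookie.
//
// Responses: 400 when the token cannot be read from the body, 401 when the
// token fails verification or the recency check, 500 when the session cookie
// cannot be created, and a JSON success body otherwise.
func loginWithAuthTimeCheckHandler(client *auth.Client) http.HandlerFunc {
	// [START check_auth_time]
	return func(w http.ResponseWriter, r *http.Request) {
		// Get the ID token sent by the client
		defer r.Body.Close()
		idToken, err := getIDTokenFromBody(r)
		if err != nil {
			// NOTE(review): err.Error() is echoed to the caller; confirm that
			// getIDTokenFromBody errors carry no internal detail.
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}

		decoded, err := client.VerifyIDToken(r.Context(), idToken)
		if err != nil {
			http.Error(w, "Invalid ID token", http.StatusUnauthorized)
			return
		}

		// Read auth_time with a checked type switch. An unchecked
		// .(int64) assertion panics when the claim is absent or holds another
		// numeric type; numbers decoded from JSON into an interface value are
		// float64 in Go. Claims is presumably populated from the token's JSON
		// payload (confirm against the SDK). Anything unexpected fails closed.
		var authTime int64
		switch v := decoded.Claims["auth_time"].(type) {
		case float64:
			authTime = int64(v)
		case int64:
			authTime = v
		default:
			http.Error(w, "Invalid ID token", http.StatusUnauthorized)
			return
		}

		// Return error if the sign-in is older than 5 minutes.
		if time.Now().Unix()-authTime > 5*60 {
			http.Error(w, "Recent sign-in required", http.StatusUnauthorized)
			return
		}

		expiresIn := time.Hour * 24 * 5
		cookie, err := client.SessionCookie(r.Context(), idToken, expiresIn)
		if err != nil {
			http.Error(w, "Failed to create a session cookie", http.StatusInternalServerError)
			return
		}
		// HttpOnly keeps the cookie away from page scripts and Secure limits
		// it to HTTPS.
		// NOTE(review): no SameSite attribute is set, so cross-site behaviour
		// follows the browser default; set one explicitly if the application
		// does not need cross-site requests to carry the session.
		http.SetCookie(w, &http.Cookie{
			Name:     "session",
			Value:    cookie,
			MaxAge:   int(expiresIn.Seconds()),
			HttpOnly: true,
			Secure:   true,
		})
		// The write error is not checked: the status line has already been
		// sent, so nothing further can be reported to the client.
		w.Write([]byte(`{"status": "success"}`))
	}
	// [END check_auth_time]
}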