fixed fatal bug after access token expires

2026-02-07 17:58:02 +11:00
parent 8f7c87cef2
commit 05be28d7f3
2 changed files with 34 additions and 19 deletions


@@ -33,13 +33,17 @@ func (auth *Authenticator[T, TX]) Logout(tx TX, w http.ResponseWriter, r *http.R
if err != nil { if err != nil {
return errors.Wrap(err, "auth.getTokens") return errors.Wrap(err, "auth.getTokens")
} }
err = aT.Revoke(jwt.DBTransaction(tx)) if aT != nil {
if err != nil { err = aT.Revoke(jwt.DBTransaction(tx))
return errors.Wrap(err, "aT.Revoke") if err != nil {
return errors.Wrap(err, "aT.Revoke")
}
} }
err = rT.Revoke(jwt.DBTransaction(tx)) if rT != nil {
if err != nil { err = rT.Revoke(jwt.DBTransaction(tx))
return errors.Wrap(err, "rT.Revoke") if err != nil {
return errors.Wrap(err, "rT.Revoke")
}
} }
cookies.DeleteCookie(w, "access", "/") cookies.DeleteCookie(w, "access", "/")
cookies.DeleteCookie(w, "refresh", "/") cookies.DeleteCookie(w, "refresh", "/")
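Review bot: Logout still returns on the first error, so a failure in `getTokens` or `aT.Revoke` skips `rT.Revoke` and both `cookies.DeleteCookie` calls, leaving the refresh token unrevoked and the cookies in the browser. The new nil checks only cover an absent token; whether an access cookie that is present but expired makes getTokens return an error is not visible here, but if it does, that user cannot log out. Since the deletions write only to `w`, moving `cookies.DeleteCookie(w, "access", "/")` and `cookies.DeleteCookie(w, "refresh", "/")` above the `getTokens` call would clear the cookies on every path, assuming the caller does not discard the response headers on error. Logout's body starts and ends outside this hunk.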


@@ -34,7 +34,7 @@ func (auth *Authenticator[T, TX]) RefreshAuthTokens(tx TX, w http.ResponseWriter
rememberMe := map[string]bool{ rememberMe := map[string]bool{
"session": false, "session": false,
"exp": true, "exp": true,
}[aT.TTL] }[rT.TTL]
// issue new tokens for the user // issue new tokens for the user
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, rT.SUB, true, rememberMe, auth.SSL) err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, rT.SUB, true, rememberMe, auth.SSL)
if err != nil { if err != nil {
@@ -55,13 +55,20 @@ func (auth *Authenticator[T, TX]) getTokens(
) (*jwt.AccessToken, *jwt.RefreshToken, error) { ) (*jwt.AccessToken, *jwt.RefreshToken, error) {
// get the existing tokens from the cookies // get the existing tokens from the cookies
atStr, rtStr := jwt.GetTokenCookies(r) atStr, rtStr := jwt.GetTokenCookies(r)
aT, err := auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr) var aT *jwt.AccessToken
if err != nil { var rT *jwt.RefreshToken
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess") var err error
if atStr != "" {
aT, err = auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
if err != nil {
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
}
} }
rT, err := auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr) if rtStr != "" {
if err != nil { rT, err = auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh") if err != nil {
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
}
} }
return aT, rT, nil return aT, rT, nil
} }
@@ -72,13 +79,17 @@ func revokeTokenPair(
aT *jwt.AccessToken, aT *jwt.AccessToken,
rT *jwt.RefreshToken, rT *jwt.RefreshToken,
) error { ) error {
err := aT.Revoke(tx) if aT != nil {
if err != nil { err := aT.Revoke(tx)
return errors.Wrap(err, "aT.Revoke") if err != nil {
return errors.Wrap(err, "aT.Revoke")
}
} }
err = rT.Revoke(tx) if rT != nil {
if err != nil { err := rT.Revoke(tx)
return errors.Wrap(err, "rT.Revoke") if err != nil {
return errors.Wrap(err, "rT.Revoke")
}
} }
return nil return nil
} }
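Review bot: In the RefreshAuthTokens hunk, `rT.TTL` and `rT.SUB` are dereferenced, but the getTokens hunk now returns `nil, nil, nil` when the refresh cookie is empty, so a request without a refresh cookie would panic there unless a nil check sits above the hunk (the function starts outside it). A guard before the map lookup, `if rT == nil {` returning the function's unauthenticated error, would close that path. More generally, a nil error from getTokens no longer means the caller holds validated tokens, so getTokens deserves a doc comment such as `// getTokens returns a nil token for each cookie that is absent; callers must nil-check before use.`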