refactor to improve database operability in hwsauth
This commit is contained in:
@@ -7,7 +7,26 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func (auth *Authenticator[T]) RefreshAuthTokens(tx DBTransaction, w http.ResponseWriter, r *http.Request) error {
|
||||
// RefreshAuthTokens manually refreshes the user's authentication tokens.
|
||||
// This revokes the old tokens and issues new ones.
|
||||
// Requires a database transaction for token operations.
|
||||
//
|
||||
// Note: Token refresh is normally handled automatically by the Authenticate middleware.
|
||||
// Use this method only when you need explicit control over token refresh.
|
||||
//
|
||||
// Example:
|
||||
//
|
||||
// func refreshHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// tx, _ := db.BeginTx(r.Context(), nil)
|
||||
// defer tx.Rollback()
|
||||
// if err := auth.RefreshAuthTokens(tx, w, r); err != nil {
|
||||
// http.Error(w, "Refresh failed", http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
// tx.Commit()
|
||||
// w.WriteHeader(http.StatusOK)
|
||||
// }
|
||||
func (auth *Authenticator[T, TX]) RefreshAuthTokens(tx TX, w http.ResponseWriter, r *http.Request) error {
|
||||
aT, rT, err := auth.getTokens(tx, r)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "getTokens")
|
||||
@@ -21,7 +40,7 @@ func (auth *Authenticator[T]) RefreshAuthTokens(tx DBTransaction, w http.Respons
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "jwt.SetTokenCookies")
|
||||
}
|
||||
err = revokeTokenPair(tx, aT, rT)
|
||||
err = revokeTokenPair(jwt.DBTransaction(tx), aT, rT)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "revokeTokenPair")
|
||||
}
|
||||
@@ -30,17 +49,17 @@ func (auth *Authenticator[T]) RefreshAuthTokens(tx DBTransaction, w http.Respons
|
||||
}
|
||||
|
||||
// Get the tokens from the request
|
||||
func (auth *Authenticator[T]) getTokens(
|
||||
tx DBTransaction,
|
||||
func (auth *Authenticator[T, TX]) getTokens(
|
||||
tx TX,
|
||||
r *http.Request,
|
||||
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
|
||||
// get the existing tokens from the cookies
|
||||
atStr, rtStr := jwt.GetTokenCookies(r)
|
||||
aT, err := auth.tokenGenerator.ValidateAccess(tx, atStr)
|
||||
aT, err := auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
|
||||
}
|
||||
rT, err := auth.tokenGenerator.ValidateRefresh(tx, rtStr)
|
||||
rT, err := auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
|
||||
}
|
||||
@@ -49,7 +68,7 @@ func (auth *Authenticator[T]) getTokens(
|
||||
|
||||
// Revoke the given token pair
|
||||
func revokeTokenPair(
|
||||
tx DBTransaction,
|
||||
tx jwt.DBTransaction,
|
||||
aT *jwt.AccessToken,
|
||||
rT *jwt.RefreshToken,
|
||||
) error {
|
||||
|
||||
Reference in New Issue
Block a user