created hwsauth module

hwsauth/refreshtokens.go

@@ -0,0 +1,40 @@
+package hwsauth
+
+import (
+	"database/sql"
+	"net/http"
+
+	"git.haelnorr.com/h/golib/jwt"
+	"github.com/pkg/errors"
+)
+
+// Attempt to use a valid refresh token to generate a new token pair
+func (auth *Authenticator[T]) refreshAuthTokens(
+	tx *sql.Tx,
+	w http.ResponseWriter,
+	r *http.Request,
+	rT *jwt.RefreshToken,
+) (T, error) {
+	model, err := auth.load(tx, rT.SUB)
+	if err != nil {
+		return getNil[T](), errors.Wrap(err, "auth.load")
+	}
+
+	rememberMe := map[string]bool{
+		"session": false,
+		"exp":     true,
+	}[rT.TTL]
+
+	// Set fresh to true because new tokens coming from refresh request
+	err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, model.ID(), false, rememberMe, auth.SSL)
+	if err != nil {
+		return getNil[T](), errors.Wrap(err, "jwt.SetTokenCookies")
+	}
+	// New tokens sent, revoke the old tokens
+	err = rT.Revoke(tx)
+	if err != nil {
+		return getNil[T](), errors.Wrap(err, "rT.Revoke")
+	}
+	// Return the authorized user
+	return model, nil
+}