Compare commits
2 Commits
hwsauth/v0
...
hwsauth/v0
| Author | SHA1 | Date | |
|---|---|---|---|
| 05be28d7f3 | |||
| 8f7c87cef2 |
@@ -33,13 +33,17 @@ func (auth *Authenticator[T, TX]) Logout(tx TX, w http.ResponseWriter, r *http.R
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "auth.getTokens")
|
||||
}
|
||||
err = aT.Revoke(jwt.DBTransaction(tx))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "aT.Revoke")
|
||||
if aT != nil {
|
||||
err = aT.Revoke(jwt.DBTransaction(tx))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "aT.Revoke")
|
||||
}
|
||||
}
|
||||
err = rT.Revoke(jwt.DBTransaction(tx))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "rT.Revoke")
|
||||
if rT != nil {
|
||||
err = rT.Revoke(jwt.DBTransaction(tx))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "rT.Revoke")
|
||||
}
|
||||
}
|
||||
cookies.DeleteCookie(w, "access", "/")
|
||||
cookies.DeleteCookie(w, "refresh", "/")
|
||||
|
||||
@@ -16,12 +16,20 @@ import (
|
||||
//
|
||||
// Example:
|
||||
//
|
||||
// server.AddMiddleware(auth.Authenticate())
|
||||
func (auth *Authenticator[T, TX]) Authenticate() hws.Middleware {
|
||||
return auth.server.NewMiddleware(auth.authenticate())
|
||||
// server.AddMiddleware(auth.Authenticate(nil))
|
||||
//
|
||||
// If extraCheck is provided, it will run just before the user is added to the context,
|
||||
// and the return will determine if the user will be added, or the request passed on
|
||||
// without the user.
|
||||
func (auth *Authenticator[T, TX]) Authenticate(
|
||||
extraCheck func(ctx context.Context, model T, tx TX, w http.ResponseWriter, r *http.Request) (bool, *hws.HWSError),
|
||||
) hws.Middleware {
|
||||
return auth.server.NewMiddleware(auth.authenticate(extraCheck))
|
||||
}
|
||||
|
||||
func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
|
||||
func (auth *Authenticator[T, TX]) authenticate(
|
||||
extraCheck func(ctx context.Context, model T, tx TX, w http.ResponseWriter, r *http.Request) (bool, *hws.HWSError),
|
||||
) hws.MiddlewareFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) (*http.Request, *hws.HWSError) {
|
||||
if globTest(r.URL.Path, auth.ignoredPaths) {
|
||||
return r, nil
|
||||
@@ -66,6 +74,14 @@ func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
|
||||
Msg("Failed to authenticate user")
|
||||
return r, nil
|
||||
}
|
||||
var check bool
|
||||
if extraCheck != nil {
|
||||
var err *hws.HWSError
|
||||
check, err = extraCheck(ctx, model.model, txTyped, w, r)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
err = tx.Commit()
|
||||
if err != nil {
|
||||
return nil, &hws.HWSError{
|
||||
@@ -76,7 +92,10 @@ func (auth *Authenticator[T, TX]) authenticate() hws.MiddlewareFunc {
|
||||
}
|
||||
authContext := setAuthenticatedModel(r.Context(), model)
|
||||
newReq := r.WithContext(authContext)
|
||||
return newReq, nil
|
||||
if extraCheck == nil || check {
|
||||
return newReq, nil
|
||||
}
|
||||
return r, nil
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ func (auth *Authenticator[T, TX]) RefreshAuthTokens(tx TX, w http.ResponseWriter
|
||||
rememberMe := map[string]bool{
|
||||
"session": false,
|
||||
"exp": true,
|
||||
}[aT.TTL]
|
||||
}[rT.TTL]
|
||||
// issue new tokens for the user
|
||||
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, rT.SUB, true, rememberMe, auth.SSL)
|
||||
if err != nil {
|
||||
@@ -55,13 +55,20 @@ func (auth *Authenticator[T, TX]) getTokens(
|
||||
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
|
||||
// get the existing tokens from the cookies
|
||||
atStr, rtStr := jwt.GetTokenCookies(r)
|
||||
aT, err := auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
|
||||
var aT *jwt.AccessToken
|
||||
var rT *jwt.RefreshToken
|
||||
var err error
|
||||
if atStr != "" {
|
||||
aT, err = auth.tokenGenerator.ValidateAccess(jwt.DBTransaction(tx), atStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
|
||||
}
|
||||
}
|
||||
rT, err := auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
|
||||
if rtStr != "" {
|
||||
rT, err = auth.tokenGenerator.ValidateRefresh(jwt.DBTransaction(tx), rtStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
|
||||
}
|
||||
}
|
||||
return aT, rT, nil
|
||||
}
|
||||
@@ -72,13 +79,17 @@ func revokeTokenPair(
|
||||
aT *jwt.AccessToken,
|
||||
rT *jwt.RefreshToken,
|
||||
) error {
|
||||
err := aT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "aT.Revoke")
|
||||
if aT != nil {
|
||||
err := aT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "aT.Revoke")
|
||||
}
|
||||
}
|
||||
err = rT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "rT.Revoke")
|
||||
if rT != nil {
|
||||
err := rT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "rT.Revoke")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user