67 lines
1.5 KiB
Go
67 lines
1.5 KiB
Go
package hwsauth
|
|
|
|
import (
|
|
"database/sql"
|
|
"net/http"
|
|
|
|
"git.haelnorr.com/h/golib/jwt"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
func (auth *Authenticator[T]) RefreshAuthTokens(tx *sql.Tx, w http.ResponseWriter, r *http.Request) error {
|
|
aT, rT, err := auth.getTokens(tx, r)
|
|
if err != nil {
|
|
return errors.Wrap(err, "getTokens")
|
|
}
|
|
rememberMe := map[string]bool{
|
|
"session": false,
|
|
"exp": true,
|
|
}[aT.TTL]
|
|
// issue new tokens for the user
|
|
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, rT.SUB, true, rememberMe, auth.SSL)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.SetTokenCookies")
|
|
}
|
|
err = revokeTokenPair(tx, aT, rT)
|
|
if err != nil {
|
|
return errors.Wrap(err, "revokeTokenPair")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Get the tokens from the request
|
|
func (auth *Authenticator[T]) getTokens(
|
|
tx *sql.Tx,
|
|
r *http.Request,
|
|
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
|
|
// get the existing tokens from the cookies
|
|
atStr, rtStr := jwt.GetTokenCookies(r)
|
|
aT, err := auth.tokenGenerator.ValidateAccess(tx, atStr)
|
|
if err != nil {
|
|
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateAccess")
|
|
}
|
|
rT, err := auth.tokenGenerator.ValidateRefresh(tx, rtStr)
|
|
if err != nil {
|
|
return nil, nil, errors.Wrap(err, "tokenGenerator.ValidateRefresh")
|
|
}
|
|
return aT, rT, nil
|
|
}
|
|
|
|
// Revoke the given token pair
|
|
func revokeTokenPair(
|
|
tx *sql.Tx,
|
|
aT *jwt.AccessToken,
|
|
rT *jwt.RefreshToken,
|
|
) error {
|
|
err := aT.Revoke(tx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "aT.Revoke")
|
|
}
|
|
err = rT.Revoke(tx)
|
|
if err != nil {
|
|
return errors.Wrap(err, "rT.Revoke")
|
|
}
|
|
return nil
|
|
}
|