41 lines
953 B
Go
41 lines
953 B
Go
package hwsauth
|
|
|
|
import (
|
|
"database/sql"
|
|
"net/http"
|
|
|
|
"git.haelnorr.com/h/golib/jwt"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// Attempt to use a valid refresh token to generate a new token pair
|
|
func (auth *Authenticator[T]) refreshAuthTokens(
|
|
tx *sql.Tx,
|
|
w http.ResponseWriter,
|
|
r *http.Request,
|
|
rT *jwt.RefreshToken,
|
|
) (T, error) {
|
|
model, err := auth.load(tx, rT.SUB)
|
|
if err != nil {
|
|
return getNil[T](), errors.Wrap(err, "auth.load")
|
|
}
|
|
|
|
rememberMe := map[string]bool{
|
|
"session": false,
|
|
"exp": true,
|
|
}[rT.TTL]
|
|
|
|
// Set fresh to true because new tokens coming from refresh request
|
|
err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, model.ID(), false, rememberMe, auth.SSL)
|
|
if err != nil {
|
|
return getNil[T](), errors.Wrap(err, "jwt.SetTokenCookies")
|
|
}
|
|
// New tokens sent, revoke the old tokens
|
|
err = rT.Revoke(tx)
|
|
if err != nil {
|
|
return getNil[T](), errors.Wrap(err, "rT.Revoke")
|
|
}
|
|
// Return the authorized user
|
|
return model, nil
|
|
}
|