migrated out more modules and refactored db system
This commit is contained in:
@@ -2,6 +2,7 @@ package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
@@ -9,47 +10,45 @@ import (
|
||||
"projectreshoot/pkg/config"
|
||||
"projectreshoot/pkg/contexts"
|
||||
"projectreshoot/pkg/cookies"
|
||||
"projectreshoot/pkg/db"
|
||||
"projectreshoot/pkg/jwt"
|
||||
|
||||
"git.haelnorr.com/h/golib/hlog"
|
||||
"git.haelnorr.com/h/golib/jwt"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/rs/zerolog"
|
||||
)
|
||||
|
||||
// Get the tokens from the request
|
||||
func getTokens(
|
||||
config *config.Config,
|
||||
ctx context.Context,
|
||||
tx db.SafeTX,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
tx *sql.Tx,
|
||||
r *http.Request,
|
||||
) (*jwt.AccessToken, *jwt.RefreshToken, error) {
|
||||
// get the existing tokens from the cookies
|
||||
atStr, rtStr := cookies.GetTokenStrings(r)
|
||||
aT, err := jwt.ParseAccessToken(config, ctx, tx, atStr)
|
||||
aT, err := tokenGen.ValidateAccess(tx, atStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "jwt.ParseAccessToken")
|
||||
return nil, nil, errors.Wrap(err, "tokenGen.ValidateAccess")
|
||||
}
|
||||
rT, err := jwt.ParseRefreshToken(config, ctx, tx, rtStr)
|
||||
rT, err := tokenGen.ValidateRefresh(tx, rtStr)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "jwt.ParseRefreshToken")
|
||||
return nil, nil, errors.Wrap(err, "tokenGen.ValidateRefresh")
|
||||
}
|
||||
return aT, rT, nil
|
||||
}
|
||||
|
||||
// Revoke the given token pair
|
||||
func revokeTokenPair(
|
||||
ctx context.Context,
|
||||
tx *db.SafeWTX,
|
||||
tx *sql.Tx,
|
||||
aT *jwt.AccessToken,
|
||||
rT *jwt.RefreshToken,
|
||||
) error {
|
||||
err := jwt.RevokeToken(ctx, tx, aT)
|
||||
err := aT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "jwt.RevokeToken")
|
||||
return errors.Wrap(err, "aT.Revoke")
|
||||
}
|
||||
err = jwt.RevokeToken(ctx, tx, rT)
|
||||
err = rT.Revoke(tx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "jwt.RevokeToken")
|
||||
return errors.Wrap(err, "rT.Revoke")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -57,12 +56,12 @@ func revokeTokenPair(
|
||||
// Issue new tokens for the user, invalidating the old ones
|
||||
func refreshTokens(
|
||||
config *config.Config,
|
||||
ctx context.Context,
|
||||
tx *db.SafeWTX,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
tx *sql.Tx,
|
||||
w http.ResponseWriter,
|
||||
r *http.Request,
|
||||
) error {
|
||||
aT, rT, err := getTokens(config, ctx, tx, r)
|
||||
aT, rT, err := getTokens(tokenGen, tx, r)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "getTokens")
|
||||
}
|
||||
@@ -72,11 +71,11 @@ func refreshTokens(
|
||||
}[aT.TTL]
|
||||
// issue new tokens for the user
|
||||
user := contexts.GetUser(r.Context())
|
||||
err = cookies.SetTokenCookies(w, r, config, user.User, true, rememberMe)
|
||||
err = cookies.SetTokenCookies(w, r, config, tokenGen, user.User, true, rememberMe)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "cookies.SetTokenCookies")
|
||||
}
|
||||
err = revokeTokenPair(ctx, tx, aT, rT)
|
||||
err = revokeTokenPair(tx, aT, rT)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "revokeTokenPair")
|
||||
}
|
||||
@@ -86,12 +85,13 @@ func refreshTokens(
|
||||
|
||||
// Validate the provided password
|
||||
func validatePassword(
|
||||
tx *sql.Tx,
|
||||
r *http.Request,
|
||||
) error {
|
||||
r.ParseForm()
|
||||
password := r.FormValue("password")
|
||||
user := contexts.GetUser(r.Context())
|
||||
err := user.CheckPassword(password)
|
||||
err := user.CheckPassword(tx, password)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "user.CheckPassword")
|
||||
}
|
||||
@@ -100,9 +100,10 @@ func validatePassword(
|
||||
|
||||
// Handle request to reauthenticate (i.e. make token fresh again)
|
||||
func Reauthenticate(
|
||||
logger *zerolog.Logger,
|
||||
logger *hlog.Logger,
|
||||
config *config.Config,
|
||||
conn *db.SafeConn,
|
||||
conn *sql.DB,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
) http.Handler {
|
||||
return http.HandlerFunc(
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
@@ -110,22 +111,21 @@ func Reauthenticate(
|
||||
defer cancel()
|
||||
|
||||
// Start the transaction
|
||||
tx, err := conn.Begin(ctx)
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
logger.Warn().Err(err).Msg("Failed to refresh user tokens")
|
||||
w.WriteHeader(http.StatusServiceUnavailable)
|
||||
logger.Error().Err(err).Msg("Failed to start transaction")
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
err = validatePassword(r)
|
||||
defer tx.Rollback()
|
||||
err = validatePassword(tx, r)
|
||||
if err != nil {
|
||||
tx.Rollback()
|
||||
w.WriteHeader(445)
|
||||
form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
|
||||
return
|
||||
}
|
||||
err = refreshTokens(config, ctx, tx, w, r)
|
||||
err = refreshTokens(config, tokenGen, tx, w, r)
|
||||
if err != nil {
|
||||
tx.Rollback()
|
||||
logger.Error().Err(err).Msg("Failed to refresh user tokens")
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user