migrated out more modules and refactored db system
This commit is contained in:
@@ -2,6 +2,7 @@ package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"net/http"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
@@ -11,25 +12,24 @@ import (
|
||||
"projectreshoot/pkg/config"
|
||||
"projectreshoot/pkg/contexts"
|
||||
"projectreshoot/pkg/cookies"
|
||||
"projectreshoot/pkg/db"
|
||||
"projectreshoot/pkg/jwt"
|
||||
|
||||
"git.haelnorr.com/h/golib/hlog"
|
||||
"git.haelnorr.com/h/golib/jwt"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/rs/zerolog"
|
||||
)
|
||||
|
||||
// Attempt to use a valid refresh token to generate a new token pair
|
||||
func refreshAuthTokens(
|
||||
config *config.Config,
|
||||
ctx context.Context,
|
||||
tx *db.SafeWTX,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
tx *sql.Tx,
|
||||
w http.ResponseWriter,
|
||||
req *http.Request,
|
||||
ref *jwt.RefreshToken,
|
||||
) (*models.User, error) {
|
||||
user, err := ref.GetUser(ctx, tx)
|
||||
user, err := models.GetUserFromID(tx, ref.SUB)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "ref.GetUser")
|
||||
return nil, errors.Wrap(err, "models.GetUser")
|
||||
}
|
||||
|
||||
rememberMe := map[string]bool{
|
||||
@@ -38,14 +38,14 @@ func refreshAuthTokens(
|
||||
}[ref.TTL]
|
||||
|
||||
// Set fresh to true because new tokens coming from refresh request
|
||||
err = cookies.SetTokenCookies(w, req, config, user, false, rememberMe)
|
||||
err = cookies.SetTokenCookies(w, req, config, tokenGen, user, false, rememberMe)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "cookies.SetTokenCookies")
|
||||
}
|
||||
// New tokens sent, revoke the used refresh token
|
||||
err = jwt.RevokeToken(ctx, tx, ref)
|
||||
err = ref.Revoke(tx)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "jwt.RevokeToken")
|
||||
return nil, errors.Wrap(err, "ref.Revoke")
|
||||
}
|
||||
// Return the authorized user
|
||||
return user, nil
|
||||
@@ -54,23 +54,26 @@ func refreshAuthTokens(
|
||||
// Check the cookies for token strings and attempt to authenticate them
|
||||
func getAuthenticatedUser(
|
||||
config *config.Config,
|
||||
ctx context.Context,
|
||||
tx *db.SafeWTX,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
tx *sql.Tx,
|
||||
w http.ResponseWriter,
|
||||
r *http.Request,
|
||||
) (*contexts.AuthenticatedUser, error) {
|
||||
// Get token strings from cookies
|
||||
atStr, rtStr := cookies.GetTokenStrings(r)
|
||||
if atStr == "" && rtStr == "" {
|
||||
return nil, errors.New("No token strings provided")
|
||||
}
|
||||
// Attempt to parse the access token
|
||||
aT, err := jwt.ParseAccessToken(config, ctx, tx, atStr)
|
||||
aT, err := tokenGen.ValidateAccess(tx, atStr)
|
||||
if err != nil {
|
||||
// Access token invalid, attempt to parse refresh token
|
||||
rT, err := jwt.ParseRefreshToken(config, ctx, tx, rtStr)
|
||||
rT, err := tokenGen.ValidateRefresh(tx, rtStr)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "jwt.ParseRefreshToken")
|
||||
return nil, errors.Wrap(err, "tokenGen.ValidateRefresh")
|
||||
}
|
||||
// Refresh token valid, attempt to get a new token pair
|
||||
user, err := refreshAuthTokens(config, ctx, tx, w, r, rT)
|
||||
user, err := refreshAuthTokens(config, tokenGen, tx, w, r, rT)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "refreshAuthTokens")
|
||||
}
|
||||
@@ -82,9 +85,9 @@ func getAuthenticatedUser(
|
||||
return &authUser, nil
|
||||
}
|
||||
// Access token valid
|
||||
user, err := aT.GetUser(ctx, tx)
|
||||
user, err := models.GetUserFromID(tx, aT.SUB)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "aT.GetUser")
|
||||
return nil, errors.Wrap(err, "models.GetUser")
|
||||
}
|
||||
authUser := contexts.AuthenticatedUser{
|
||||
User: user,
|
||||
@@ -96,9 +99,10 @@ func getAuthenticatedUser(
|
||||
// Attempt to authenticate the user and add their account details
|
||||
// to the request context
|
||||
func Authentication(
|
||||
logger *zerolog.Logger,
|
||||
logger *hlog.Logger,
|
||||
config *config.Config,
|
||||
conn *db.SafeConn,
|
||||
conn *sql.DB,
|
||||
tokenGen *jwt.TokenGenerator,
|
||||
next http.Handler,
|
||||
maint *uint32,
|
||||
) http.Handler {
|
||||
@@ -115,7 +119,7 @@ func Authentication(
|
||||
}
|
||||
|
||||
// Start the transaction
|
||||
tx, err := conn.Begin(ctx)
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
// Failed to start transaction, skip auth
|
||||
logger.Warn().Err(err).
|
||||
@@ -123,7 +127,7 @@ func Authentication(
|
||||
handler.ErrorPage(http.StatusServiceUnavailable, w, r)
|
||||
return
|
||||
}
|
||||
user, err := getAuthenticatedUser(config, ctx, tx, w, r)
|
||||
user, err := getAuthenticatedUser(config, tokenGen, tx, w, r)
|
||||
if err != nil {
|
||||
tx.Rollback()
|
||||
// User auth failed, delete the cookies to avoid repeat requests
|
||||
|
||||
Reference in New Issue
Block a user