modularised webserver and auth systems

internal/handler/reauthenticatate.go

@@ -6,90 +6,23 @@ import (
 	"net/http"
 	"time"
 
-	"projectreshoot/internal/config"
+	"git.haelnorr.com/h/golib/hws"
+	"git.haelnorr.com/h/golib/hwsauth"
+	"projectreshoot/internal/models"
 	"projectreshoot/internal/view/component/form"
-	"projectreshoot/pkg/contexts"
-
-	"git.haelnorr.com/h/golib/hlog"
-	"git.haelnorr.com/h/golib/jwt"
 
 	"github.com/pkg/errors"
 )
 
-// Get the tokens from the request
-func getTokens(
-	tokenGen *jwt.TokenGenerator,
-	tx *sql.Tx,
-	r *http.Request,
-) (*jwt.AccessToken, *jwt.RefreshToken, error) {
-	// get the existing tokens from the cookies
-	atStr, rtStr := jwt.GetTokenCookies(r)
-	aT, err := tokenGen.ValidateAccess(tx, atStr)
-	if err != nil {
-		return nil, nil, errors.Wrap(err, "tokenGen.ValidateAccess")
-	}
-	rT, err := tokenGen.ValidateRefresh(tx, rtStr)
-	if err != nil {
-		return nil, nil, errors.Wrap(err, "tokenGen.ValidateRefresh")
-	}
-	return aT, rT, nil
-}
-
-// Revoke the given token pair
-func revokeTokenPair(
-	tx *sql.Tx,
-	aT *jwt.AccessToken,
-	rT *jwt.RefreshToken,
-) error {
-	err := aT.Revoke(tx)
-	if err != nil {
-		return errors.Wrap(err, "aT.Revoke")
-	}
-	err = rT.Revoke(tx)
-	if err != nil {
-		return errors.Wrap(err, "rT.Revoke")
-	}
-	return nil
-}
-
-// Issue new tokens for the user, invalidating the old ones
-func refreshTokens(
-	config *config.Config,
-	tokenGen *jwt.TokenGenerator,
-	tx *sql.Tx,
-	w http.ResponseWriter,
-	r *http.Request,
-) error {
-	aT, rT, err := getTokens(tokenGen, tx, r)
-	if err != nil {
-		return errors.Wrap(err, "getTokens")
-	}
-	rememberMe := map[string]bool{
-		"session": false,
-		"exp":     true,
-	}[aT.TTL]
-	// issue new tokens for the user
-	user := contexts.GetUser(r.Context())
-	err = jwt.SetTokenCookies(w, r, tokenGen, user.ID, true, rememberMe, config.SSL)
-	if err != nil {
-		return errors.Wrap(err, "cookies.SetTokenCookies")
-	}
-	err = revokeTokenPair(tx, aT, rT)
-	if err != nil {
-		return errors.Wrap(err, "revokeTokenPair")
-	}
-
-	return nil
-}
-
 // Validate the provided password
 func validatePassword(
+	auth *hwsauth.Authenticator[*models.User],
 	tx *sql.Tx,
 	r *http.Request,
 ) error {
 	r.ParseForm()
 	password := r.FormValue("password")
-	user := contexts.GetUser(r.Context())
+	user := auth.CurrentModel(r.Context())
 	err := user.CheckPassword(tx, password)
 	if err != nil {
 		return errors.Wrap(err, "user.CheckPassword")
@@ -99,10 +32,9 @@ func validatePassword(
 
 // Handle request to reauthenticate (i.e. make token fresh again)
 func Reauthenticate(
-	logger *hlog.Logger,
-	config *config.Config,
+	server *hws.Server,
+	auth *hwsauth.Authenticator[*models.User],
 	conn *sql.DB,
-	tokenGen *jwt.TokenGenerator,
 ) http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
@@ -112,21 +44,19 @@ func Reauthenticate(
 			// Start the transaction
 			tx, err := conn.BeginTx(ctx, nil)
 			if err != nil {
-				logger.Error().Err(err).Msg("Failed to start transaction")
-				w.WriteHeader(http.StatusInternalServerError)
+				server.ThrowError(w, r, hws.NewError(http.StatusInternalServerError, "Failed to start transaction", err))
 				return
 			}
 			defer tx.Rollback()
-			err = validatePassword(tx, r)
+			err = validatePassword(auth, tx, r)
 			if err != nil {
 				w.WriteHeader(445)
 				form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
 				return
 			}
-			err = refreshTokens(config, tokenGen, tx, w, r)
+			err = auth.RefreshAuthTokens(tx, w, r)
 			if err != nil {
-				logger.Error().Err(err).Msg("Failed to refresh user tokens")
-				w.WriteHeader(http.StatusInternalServerError)
+				server.ThrowError(w, r, hws.NewError(http.StatusInternalServerError, "Failed to refresh user tokens", err))
 				return
 			}
 			tx.Commit()