Update authentication, reauth, logout to use new transactions

handlers/logout.go

@@ -1,41 +1,79 @@
 package handlers
 
 import (
-	"database/sql"
+	"context"
 	"net/http"
+	"strings"
+
 	"projectreshoot/config"
 	"projectreshoot/cookies"
+	"projectreshoot/db"
 	"projectreshoot/jwt"
 
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 )
 
+func revokeAccess(
+	config *config.Config,
+	ctx context.Context,
+	tx *db.SafeTX,
+	atStr string,
+) error {
+	aT, err := jwt.ParseAccessToken(config, ctx, tx, atStr)
+	if err != nil {
+		if strings.Contains(err.Error(), "Token is expired") ||
+			strings.Contains(err.Error(), "Token has been revoked") {
+			return nil // Token is expired, dont need to revoke it
+		}
+		return errors.Wrap(err, "jwt.ParseAccessToken")
+	}
+	err = jwt.RevokeToken(ctx, tx, aT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	return nil
+}
+
+func revokeRefresh(
+	config *config.Config,
+	ctx context.Context,
+	tx *db.SafeTX,
+	rtStr string,
+) error {
+	rT, err := jwt.ParseRefreshToken(config, ctx, tx, rtStr)
+	if err != nil {
+		if strings.Contains(err.Error(), "Token is expired") ||
+			strings.Contains(err.Error(), "Token has been revoked") {
+			return nil // Token is expired, dont need to revoke it
+		}
+		return errors.Wrap(err, "jwt.ParseRefreshToken")
+	}
+	err = jwt.RevokeToken(ctx, tx, rT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	return nil
+}
+
 // Retrieve and revoke the user's tokens
 func revokeTokens(
 	config *config.Config,
-	conn *sql.DB,
+	ctx context.Context,
+	tx *db.SafeTX,
 	r *http.Request,
 ) error {
 	// get the tokens from the cookies
 	atStr, rtStr := cookies.GetTokenStrings(r)
-	aT, err := jwt.ParseAccessToken(config, conn, atStr)
-	if err != nil {
-		return errors.Wrap(err, "jwt.ParseAccessToken")
-	}
-	rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
-	if err != nil {
-		return errors.Wrap(err, "jwt.ParseRefreshToken")
-	}
 	// revoke the refresh token first as the access token expires quicker
 	// only matters if there is an error revoking the tokens
-	err = jwt.RevokeToken(conn, rT)
+	err := revokeRefresh(config, ctx, tx, rtStr)
 	if err != nil {
-		return errors.Wrap(err, "jwt.RevokeToken")
+		return errors.Wrap(err, "revokeRefresh")
 	}
-	err = jwt.RevokeToken(conn, aT)
+	err = revokeAccess(config, ctx, tx, atStr)
 	if err != nil {
-		return errors.Wrap(err, "jwt.RevokeToken")
+		return errors.Wrap(err, "revokeAccess")
 	}
 	return nil
 }
@@ -44,19 +82,24 @@ func revokeTokens(
 func HandleLogout(
 	config *config.Config,
 	logger *zerolog.Logger,
-	conn *sql.DB,
+	conn *db.SafeConn,
 ) http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
-			err := revokeTokens(config, conn, r)
-			if err != nil {
-				logger.Error().Err(err).Msg("Error occured on user logout")
-				w.WriteHeader(http.StatusInternalServerError)
-				return
-			}
-			cookies.DeleteCookie(w, "access", "/")
-			cookies.DeleteCookie(w, "refresh", "/")
-			w.Header().Set("HX-Redirect", "/login")
+			WithTransaction(w, r, logger, conn,
+				func(ctx context.Context, tx *db.SafeTX, w http.ResponseWriter, r *http.Request) {
+					err := revokeTokens(config, ctx, tx, r)
+					if err != nil {
+						tx.Rollback()
+						logger.Error().Err(err).Msg("Error occured on user logout")
+						w.WriteHeader(http.StatusInternalServerError)
+						return
+					}
+					tx.Commit()
+					cookies.DeleteCookie(w, "access", "/")
+					cookies.DeleteCookie(w, "refresh", "/")
+					w.Header().Set("HX-Redirect", "/login")
+				})
 		},
 	)
 }

handlers/reauthenticatate.go

@@ -1,12 +1,13 @@
 package handlers
 
 import (
-	"database/sql"
+	"context"
 	"net/http"
 
 	"projectreshoot/config"
 	"projectreshoot/contexts"
 	"projectreshoot/cookies"
+	"projectreshoot/db"
 	"projectreshoot/jwt"
 	"projectreshoot/view/component/form"
 
@@ -17,16 +18,17 @@ import (
 // Get the tokens from the request
 func getTokens(
 	config *config.Config,
-	conn *sql.DB,
+	ctx context.Context,
+	tx *db.SafeTX,
 	r *http.Request,
 ) (*jwt.AccessToken, *jwt.RefreshToken, error) {
 	// get the existing tokens from the cookies
 	atStr, rtStr := cookies.GetTokenStrings(r)
-	aT, err := jwt.ParseAccessToken(config, conn, atStr)
+	aT, err := jwt.ParseAccessToken(config, ctx, tx, atStr)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "jwt.ParseAccessToken")
 	}
-	rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
+	rT, err := jwt.ParseRefreshToken(config, ctx, tx, rtStr)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "jwt.ParseRefreshToken")
 	}
@@ -35,15 +37,16 @@ func getTokens(
 
 // Revoke the given token pair
 func revokeTokenPair(
-	conn *sql.DB,
+	ctx context.Context,
+	tx *db.SafeTX,
 	aT *jwt.AccessToken,
 	rT *jwt.RefreshToken,
 ) error {
-	err := jwt.RevokeToken(conn, aT)
+	err := jwt.RevokeToken(ctx, tx, aT)
 	if err != nil {
 		return errors.Wrap(err, "jwt.RevokeToken")
 	}
-	err = jwt.RevokeToken(conn, rT)
+	err = jwt.RevokeToken(ctx, tx, rT)
 	if err != nil {
 		return errors.Wrap(err, "jwt.RevokeToken")
 	}
@@ -53,11 +56,12 @@ func revokeTokenPair(
 // Issue new tokens for the user, invalidating the old ones
 func refreshTokens(
 	config *config.Config,
-	conn *sql.DB,
+	ctx context.Context,
+	tx *db.SafeTX,
 	w http.ResponseWriter,
 	r *http.Request,
 ) error {
-	aT, rT, err := getTokens(config, conn, r)
+	aT, rT, err := getTokens(config, ctx, tx, r)
 	if err != nil {
 		return errors.Wrap(err, "getTokens")
 	}
@@ -71,7 +75,7 @@ func refreshTokens(
 	if err != nil {
 		return errors.Wrap(err, "cookies.SetTokenCookies")
 	}
-	err = revokeTokenPair(conn, aT, rT)
+	err = revokeTokenPair(ctx, tx, aT, rT)
 	if err != nil {
 		return errors.Wrap(err, "revokeTokenPair")
 	}
@@ -97,23 +101,29 @@ func validatePassword(
 func HandleReauthenticate(
 	logger *zerolog.Logger,
 	config *config.Config,
-	conn *sql.DB,
+	conn *db.SafeConn,
 ) http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
-			err := validatePassword(r)
-			if err != nil {
-				w.WriteHeader(445)
-				form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
-				return
-			}
-			err = refreshTokens(config, conn, w, r)
-			if err != nil {
-				logger.Error().Err(err).Msg("Failed to refresh user tokens")
-				w.WriteHeader(http.StatusInternalServerError)
-				return
-			}
-			w.WriteHeader(http.StatusOK)
+			WithTransaction(w, r, logger, conn,
+				func(ctx context.Context, tx *db.SafeTX, w http.ResponseWriter, r *http.Request) {
+					err := validatePassword(r)
+					if err != nil {
+						tx.Rollback()
+						w.WriteHeader(445)
+						form.ConfirmPassword("Incorrect password").Render(r.Context(), w)
+						return
+					}
+					err = refreshTokens(config, ctx, tx, w, r)
+					if err != nil {
+						tx.Rollback()
+						logger.Error().Err(err).Msg("Failed to refresh user tokens")
+						w.WriteHeader(http.StatusInternalServerError)
+						return
+					}
+					tx.Commit()
+					w.WriteHeader(http.StatusOK)
+				})
 		},
 	)
 }

handlers/withtransaction.go

@@ -0,0 +1,47 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"projectreshoot/db"
+	"projectreshoot/view/page"
+
+	"github.com/rs/zerolog"
+)
+
+// A helper function to create a transaction with a cancellable context.
+func WithTransaction(
+	w http.ResponseWriter,
+	r *http.Request,
+	logger *zerolog.Logger,
+	conn *db.SafeConn,
+	handler func(
+		ctx context.Context,
+		tx *db.SafeTX,
+		w http.ResponseWriter,
+		r *http.Request,
+	),
+) {
+	// Create a cancellable context from the request context
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	// Start the transaction
+	tx, err := conn.Begin(ctx)
+	if err != nil {
+		tx.Rollback()
+		logger.Warn().Err(err).Msg("Request failed to start a transaction")
+		w.WriteHeader(http.StatusServiceUnavailable)
+		page.Error(
+			"503",
+			http.StatusText(503),
+			"This service is currently unavailable. It could be down for maintenance").
+			Render(r.Context(), w)
+		return
+	}
+
+	// Pass the context and transaction to the handler
+	handler(ctx, tx, w, r)
+}