This repository has been archived on 2023-11-13. You can view files and clone it, but cannot push or open issues or pull requests.
imagini/internal/api/auth.go

115 lines
2.8 KiB
Go
Raw Permalink Normal View History

2021-02-11 20:47:42 +00:00
package api
import (
"errors"
"fmt"
"net/http"
"github.com/google/uuid"
"github.com/lestrrat-go/jwx/jwt"
"reichard.io/imagini/graph/model"
)
func (api *API) refreshTokens(refreshToken jwt.Token) (string, string, error) {
// Acquire User & Device
did, ok := refreshToken.Get("did")
if !ok {
return "", "", errors.New("Missing DID")
}
uid, ok := refreshToken.Get(jwt.SubjectKey)
if !ok {
return "", "", errors.New("Missing UID")
}
deviceUUID, err := uuid.Parse(fmt.Sprintf("%v", did))
if err != nil {
return "", "", errors.New("Invalid DID")
}
userUUID, err := uuid.Parse(fmt.Sprintf("%v", uid))
if err != nil {
return "", "", errors.New("Invalid UID")
}
// Device & User Skeleton
user := model.User{ID: userUUID.String()}
device := model.Device{ID: deviceUUID.String()}
// Find User
_, err = api.DB.User(&user)
if err != nil {
return "", "", err
}
// Update Access Token
2021-02-20 19:10:25 +00:00
accessToken, err := api.Auth.CreateJWTAccessToken(user, device)
2021-02-11 20:47:42 +00:00
if err != nil {
return "", "", err
}
2021-02-20 19:10:25 +00:00
return accessToken, "", err
2021-02-11 20:47:42 +00:00
}
func (api *API) validateTokens(w *http.ResponseWriter, r *http.Request) (jwt.Token, error) {
2021-02-20 19:10:25 +00:00
accessTokenHeader := r.Header.Get("X-Imagini-AccessToken")
if accessTokenHeader != "" {
accessToken, err := api.Auth.ValidateJWTAccessToken(accessTokenHeader)
2021-02-11 20:47:42 +00:00
if err == nil {
return accessToken, nil
}
}
2021-02-20 19:10:25 +00:00
refreshTokenHeader := r.Header.Get("X-Imagini-RefreshToken")
if refreshTokenHeader == "" {
2021-02-11 20:47:42 +00:00
return nil, errors.New("Tokens Invalid")
}
2021-02-20 19:10:25 +00:00
// Validate Access Token
// accessCookie, _ := r.Cookie("AccessToken")
// if accessCookie != nil {
// accessToken, err := api.Auth.ValidateJWTAccessToken(accessCookie.Value)
// if err == nil {
// return accessToken, nil
// }
// }
// Validate Refresh Cookie Exists
// refreshCookie, _ := r.Cookie("RefreshToken")
// if refreshCookie == nil {
// return nil, errors.New("Tokens Invalid")
// }
2021-02-11 20:47:42 +00:00
// Validate Refresh Token
2021-02-20 19:10:25 +00:00
// refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshCookie.Value)
refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshTokenHeader)
2021-02-11 20:47:42 +00:00
if err != nil {
return nil, errors.New("Tokens Invalid")
}
// Refresh Access Token & Generate New Refresh Token
newAccessToken, newRefreshToken, err := api.refreshTokens(refreshToken)
if err != nil {
return nil, err
}
// TODO: Actually Refresh Refresh Token
2021-02-20 19:10:25 +00:00
// newRefreshToken = refreshCookie.Value
newRefreshToken = refreshTokenHeader
2021-02-11 20:47:42 +00:00
// Set appropriate cookies (TODO: Only for web!)
// Update Access & Refresh Cookies
2021-02-20 19:10:25 +00:00
// http.SetCookie(*w, &http.Cookie{
// Name: "AccessToken",
// Value: newAccessToken,
// })
// http.SetCookie(*w, &http.Cookie{
// Name: "RefreshToken",
// Value: newRefreshToken,
// })
2021-02-11 20:47:42 +00:00
(*w).Header().Set("X-Imagini-AccessToken", newAccessToken)
(*w).Header().Set("X-Imagini-RefreshToken", newRefreshToken)
return jwt.ParseBytes([]byte(newAccessToken))
}