This repository has been archived on 2023-11-13. You can view files and clone it, but cannot push or open issues or pull requests.
imagini/internal/api/auth.go

95 lines
2.2 KiB
Go
Raw Normal View History

2021-01-16 22:00:17 +00:00
package api
2021-01-10 00:44:02 +00:00
import (
2021-02-04 10:16:13 +00:00
"errors"
"fmt"
"net/http"
"github.com/google/uuid"
"github.com/lestrrat-go/jwx/jwt"
2021-01-18 21:16:52 +00:00
2021-02-03 03:55:35 +00:00
"reichard.io/imagini/graph/model"
2021-01-10 00:44:02 +00:00
)
2021-02-04 10:16:13 +00:00
func (api *API) refreshTokens(refreshToken jwt.Token) (string, string, error) {
// Acquire User & Device
did, ok := refreshToken.Get("did")
if !ok {
return "", "", errors.New("Missing DID")
}
uid, ok := refreshToken.Get(jwt.SubjectKey)
if !ok {
return "", "", errors.New("Missing UID")
}
deviceUUID, err := uuid.Parse(fmt.Sprintf("%v", did))
if err != nil {
return "", "", errors.New("Invalid DID")
}
userUUID, err := uuid.Parse(fmt.Sprintf("%v", uid))
if err != nil {
return "", "", errors.New("Invalid UID")
}
// Device & User Skeleton
user := model.User{ID: userUUID.String()}
device := model.Device{ID: deviceUUID.String()}
// Find User
_, err = api.DB.User(&user)
if err != nil {
return "", "", err
}
// Update Access Token
accessTokenCookie, err := api.Auth.CreateJWTAccessToken(user, device)
if err != nil {
return "", "", err
}
return accessTokenCookie, "", err
2021-01-10 00:44:02 +00:00
}
2021-02-04 10:16:13 +00:00
func (api *API) validateTokens(w *http.ResponseWriter, r *http.Request) (jwt.Token, error) {
// Validate Access Token
accessCookie, _ := r.Cookie("AccessToken")
if accessCookie != nil {
accessToken, err := api.Auth.ValidateJWTAccessToken(accessCookie.Value)
if err == nil {
return accessToken, nil
}
}
// Validate Refresh Cookie Exists
refreshCookie, _ := r.Cookie("RefreshToken")
if refreshCookie == nil {
return nil, errors.New("Tokens Invalid")
}
// Validate Refresh Token
refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshCookie.Value)
if err != nil {
return nil, errors.New("Tokens Invalid")
}
// Refresh Access Token & Generate New Refresh Token
newAccessCookie, newRefreshCookie, err := api.refreshTokens(refreshToken)
if err != nil {
return nil, err
}
// TODO: Actually Refresh Refresh Token
newRefreshCookie = refreshCookie.Value
// Update Access & Refresh Cookies
http.SetCookie(*w, &http.Cookie{
Name: "AccessToken",
Value: newAccessCookie,
})
http.SetCookie(*w, &http.Cookie{
Name: "RefreshToken",
Value: newRefreshCookie,
})
return jwt.ParseBytes([]byte(newAccessCookie))
2021-01-10 00:44:02 +00:00
}