115 lines
2.8 KiB
Go
115 lines
2.8 KiB
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/lestrrat-go/jwx/jwt"
|
|
|
|
"reichard.io/imagini/graph/model"
|
|
)
|
|
|
|
func (api *API) refreshTokens(refreshToken jwt.Token) (string, string, error) {
|
|
// Acquire User & Device
|
|
did, ok := refreshToken.Get("did")
|
|
if !ok {
|
|
return "", "", errors.New("Missing DID")
|
|
}
|
|
uid, ok := refreshToken.Get(jwt.SubjectKey)
|
|
if !ok {
|
|
return "", "", errors.New("Missing UID")
|
|
}
|
|
deviceUUID, err := uuid.Parse(fmt.Sprintf("%v", did))
|
|
if err != nil {
|
|
return "", "", errors.New("Invalid DID")
|
|
}
|
|
userUUID, err := uuid.Parse(fmt.Sprintf("%v", uid))
|
|
if err != nil {
|
|
return "", "", errors.New("Invalid UID")
|
|
}
|
|
|
|
// Device & User Skeleton
|
|
user := model.User{ID: userUUID.String()}
|
|
device := model.Device{ID: deviceUUID.String()}
|
|
|
|
// Find User
|
|
_, err = api.DB.User(&user)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
// Update Access Token
|
|
accessToken, err := api.Auth.CreateJWTAccessToken(user, device)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
return accessToken, "", err
|
|
}
|
|
|
|
func (api *API) validateTokens(w *http.ResponseWriter, r *http.Request) (jwt.Token, error) {
|
|
accessTokenHeader := r.Header.Get("X-Imagini-AccessToken")
|
|
if accessTokenHeader != "" {
|
|
accessToken, err := api.Auth.ValidateJWTAccessToken(accessTokenHeader)
|
|
if err == nil {
|
|
return accessToken, nil
|
|
}
|
|
}
|
|
|
|
refreshTokenHeader := r.Header.Get("X-Imagini-RefreshToken")
|
|
if refreshTokenHeader == "" {
|
|
return nil, errors.New("Tokens Invalid")
|
|
}
|
|
|
|
// Validate Access Token
|
|
// accessCookie, _ := r.Cookie("AccessToken")
|
|
// if accessCookie != nil {
|
|
// accessToken, err := api.Auth.ValidateJWTAccessToken(accessCookie.Value)
|
|
// if err == nil {
|
|
// return accessToken, nil
|
|
// }
|
|
// }
|
|
|
|
// Validate Refresh Cookie Exists
|
|
// refreshCookie, _ := r.Cookie("RefreshToken")
|
|
// if refreshCookie == nil {
|
|
// return nil, errors.New("Tokens Invalid")
|
|
// }
|
|
|
|
// Validate Refresh Token
|
|
// refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshCookie.Value)
|
|
refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshTokenHeader)
|
|
if err != nil {
|
|
return nil, errors.New("Tokens Invalid")
|
|
}
|
|
|
|
// Refresh Access Token & Generate New Refresh Token
|
|
newAccessToken, newRefreshToken, err := api.refreshTokens(refreshToken)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO: Actually Refresh Refresh Token
|
|
// newRefreshToken = refreshCookie.Value
|
|
newRefreshToken = refreshTokenHeader
|
|
|
|
// Set appropriate cookies (TODO: Only for web!)
|
|
|
|
// Update Access & Refresh Cookies
|
|
// http.SetCookie(*w, &http.Cookie{
|
|
// Name: "AccessToken",
|
|
// Value: newAccessToken,
|
|
// })
|
|
// http.SetCookie(*w, &http.Cookie{
|
|
// Name: "RefreshToken",
|
|
// Value: newRefreshToken,
|
|
// })
|
|
|
|
(*w).Header().Set("X-Imagini-AccessToken", newAccessToken)
|
|
(*w).Header().Set("X-Imagini-RefreshToken", newRefreshToken)
|
|
|
|
return jwt.ParseBytes([]byte(newAccessToken))
|
|
}
|