mirror of
https://github.com/get-drexa/drive.git
synced 2025-12-05 07:41:39 +00:00
feat: impl refresh token rotation
This commit is contained in:
@@ -2,6 +2,7 @@ package auth
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log/slog"
|
||||
|
||||
"github.com/get-drexa/drexa/internal/httperr"
|
||||
"github.com/get-drexa/drexa/internal/user"
|
||||
@@ -20,6 +21,15 @@ type loginResponse struct {
|
||||
RefreshToken string `json:"refreshToken"`
|
||||
}
|
||||
|
||||
type refreshAccessTokenRequest struct {
|
||||
RefreshToken string `json:"refreshToken"`
|
||||
}
|
||||
|
||||
type tokenResponse struct {
|
||||
AccessToken string `json:"accessToken"`
|
||||
RefreshToken string `json:"refreshToken"`
|
||||
}
|
||||
|
||||
type HTTPHandler struct {
|
||||
service *Service
|
||||
db *bun.DB
|
||||
@@ -32,6 +42,7 @@ func NewHTTPHandler(s *Service, db *bun.DB) *HTTPHandler {
|
||||
func (h *HTTPHandler) RegisterRoutes(api fiber.Router) {
|
||||
auth := api.Group("/auth")
|
||||
auth.Post("/login", h.Login)
|
||||
auth.Post("/tokens", h.refreshAccessToken)
|
||||
}
|
||||
|
||||
func (h *HTTPHandler) Login(c *fiber.Ctx) error {
|
||||
@@ -46,7 +57,7 @@ func (h *HTTPHandler) Login(c *fiber.Ctx) error {
|
||||
}
|
||||
defer tx.Rollback()
|
||||
|
||||
result, err := h.service.AuthenticateWithEmailAndPassword(c.Context(), tx, req.Email, req.Password)
|
||||
result, err := h.service.LoginWithEmailAndPassword(c.Context(), tx, req.Email, req.Password)
|
||||
if err != nil {
|
||||
if errors.Is(err, ErrInvalidCredentials) {
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Invalid credentials"})
|
||||
@@ -64,3 +75,37 @@ func (h *HTTPHandler) Login(c *fiber.Ctx) error {
|
||||
RefreshToken: result.RefreshToken,
|
||||
})
|
||||
}
|
||||
|
||||
func (h *HTTPHandler) refreshAccessToken(c *fiber.Ctx) error {
|
||||
req := new(refreshAccessTokenRequest)
|
||||
if err := c.BodyParser(req); err != nil {
|
||||
return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{"error": "Invalid request"})
|
||||
}
|
||||
|
||||
tx, err := h.db.BeginTx(c.Context(), nil)
|
||||
if err != nil {
|
||||
return httperr.Internal(err)
|
||||
}
|
||||
defer tx.Rollback()
|
||||
|
||||
result, err := h.service.RefreshAccessToken(c.Context(), tx, req.RefreshToken)
|
||||
if err != nil {
|
||||
if errors.Is(err, ErrInvalidRefreshToken) ||
|
||||
errors.Is(err, ErrRefreshTokenExpired) ||
|
||||
errors.Is(err, ErrRefreshTokenReused) {
|
||||
_ = tx.Commit()
|
||||
slog.Info("invalid refresh token", "error", err)
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "invalid refresh token"})
|
||||
}
|
||||
return httperr.Internal(err)
|
||||
}
|
||||
|
||||
if err := tx.Commit(); err != nil {
|
||||
return httperr.Internal(err)
|
||||
}
|
||||
|
||||
return c.JSON(tokenResponse{
|
||||
AccessToken: result.AccessToken,
|
||||
RefreshToken: result.RefreshToken,
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user