moved refresh mechanism to package auth

author: Vidhu Kant Sharma <vidhukant@vidhukant.xyz> 2023-01-29 20:45:43 +0530
committer: Vidhu Kant Sharma <vidhukant@vidhukant.xyz> 2023-01-29 20:45:43 +0530
commit: 68629768cbb7c86fd4b118e7d555450297f3fb8a (patch)
tree: e5bb06635ddf50bc58e25bae931ac453a28f844a
parent: 7ee07197f4fc5806e72a1aefd49c7a448c600cf4 (diff)
8 files changed, 41 insertions, 30 deletions
diff --git a/user/refresh.go b/auth/refresh.go
index 72a7655..6a77a78 100644
--- a/user/refresh.go
+++ b/auth/refresh.go
@@ -15,24 +15,26 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-package user
+package auth
 
 import (
 	"context"
-	"errors"
-	"fmt"
+	"github.com/MikunoNaka/OpenBills-server/database"
+	"github.com/MikunoNaka/OpenBills-server/user"
 	"github.com/MikunoNaka/OpenBills-server/util"
 	"github.com/gin-gonic/gin"
 	"github.com/golang-jwt/jwt/v4"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo"
 	"net/http"
 	"time"
 )
 
+var db *mongo.Collection = database.DB.Collection("Users")
+
 var (
-	errUserNotFound error = errors.New("user does not exist")
-	refreshSecret   []byte
+	refreshSecret []byte
 )
 
 func init() {
@@ -44,7 +46,6 @@ func init() {
 func verifyRefreshToken() gin.HandlerFunc {
 	return func(ctx *gin.Context) {
 		refreshToken, err := ctx.Cookie("refreshToken")
-		fmt.Println(refreshToken)
 		if err == nil {
 			token, err := jwt.ParseWithClaims(refreshToken, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
 				return []byte(refreshSecret), nil
@@ -56,7 +57,7 @@ func verifyRefreshToken() gin.HandlerFunc {
 				id, _ := primitive.ObjectIDFromHex(token.Claims.(*jwt.StandardClaims).Issuer)
 
 				// check if user exists
-				var u User
+				var u user.User
 				if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil {
 					ctx.AbortWithStatusJSON(http.StatusNotFound, gin.H{"message": "user not found"})
 				} else {
@@ -92,9 +93,9 @@ func newRefreshToken(userId string) (string, int64, error) {
 	id, _ := primitive.ObjectIDFromHex(userId)
 
 	// check if user exists
-	var u User
+	var u user.User
 	if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil {
-		return "", 0, errUserNotFound
+		return "", 0, user.ErrUserNotFound
 	}
 
 	// generate refresh token
@@ -110,7 +111,7 @@ func newRefreshToken(userId string) (string, int64, error) {
 
 	// store refresh token in db with unique session name for ease in identification
 	sessionName := time.Now().Format("01-02-2006.15:04:05") + "-" + u.UserName
-	u.Sessions = append(u.Sessions, Session{Name: sessionName, Token: token})
+	u.Sessions = append(u.Sessions, user.Session{Name: sessionName, Token: token})
 	db.UpdateOne(context.TODO(), bson.M{"_id": id}, bson.D{{"$set", u}})
 
 	return token, expiresAt, nil
diff --git a/auth/router.go b/auth/router.go
index 9fa03b7..9782915 100644
--- a/auth/router.go
+++ b/auth/router.go
@@ -19,6 +19,7 @@ package auth
 
 import (
 	"github.com/MikunoNaka/OpenBills-server/user"
+	"github.com/MikunoNaka/OpenBills-server/util"
 	"github.com/gin-gonic/gin"
 	"log"
 	"net/http"
@@ -27,16 +28,16 @@ import (
 func Routes(route *gin.Engine) {
 	r := route.Group("/auth")
 	{
-		r.POST("/login", user.checkPassword(), func(ctx *gin.Context) {
+		r.POST("/login", user.CheckPassword(), func(ctx *gin.Context) {
 			user := ctx.MustGet("user").(user.User)
 
-			accessToken, err := user.newAccessToken(user.Id.Hex())
+			accessToken, err := util.NewAccessToken(user.Id.Hex())
 			if err != nil {
 				log.Printf("Error while generating new access token: %v", err)
 				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot login)"})
 			}
 
-			refreshToken, expiresAt, err := user.newRefreshToken(user.Id.Hex())
+			refreshToken, expiresAt, err := newRefreshToken(user.Id.Hex())
 			if err != nil {
 				log.Printf("Error while generating new refresh token: %v", err)
 				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot login)"})
@@ -46,9 +47,9 @@ func Routes(route *gin.Engine) {
 			ctx.JSON(http.StatusOK, gin.H{"accessToken": accessToken})
 		})
 
-		r.POST("/refresh", user.verifyRefreshToken(), func(ctx *gin.Context) {
+		r.POST("/refresh", verifyRefreshToken(), func(ctx *gin.Context) {
 			u := ctx.MustGet("user").(user.User)
-			accessToken, err := util.newAccessToken(u.Id.Hex())
+			accessToken, err := util.NewAccessToken(u.Id.Hex())
 			if err != nil {
 				log.Printf("Error while generating new access token: %v", err)
 				ctx.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error (cannot refresh session)"})
diff --git a/main.go b/main.go
index d309be4..7942af7 100644
--- a/main.go
+++ b/main.go
@@ -25,6 +25,9 @@ import (
 	"github.com/MikunoNaka/OpenBills-server/item"
 	"github.com/MikunoNaka/OpenBills-server/user"
 	"github.com/MikunoNaka/OpenBills-server/util"
+	"github.com/MikunoNaka/OpenBills-server/auth"
+	"github.com/MikunoNaka/OpenBills-server/transport"
+	"github.com/MikunoNaka/OpenBills-server/transporter"
 
 	"github.com/gin-gonic/gin"
 )
@@ -38,6 +41,9 @@ func main() {
 	client.Routes(r)
 	invoice.Routes(r)
 	user.Routes(r)
+	auth.Routes(r)
+	transport.Routes(r)
+	transporter.Routes(r)
 
 	// ping server and check if logged in
 	r.POST("/ping", util.Authorize(), func(ctx *gin.Context) {
diff --git a/transporter/router.go b/transporter/router.go
index 769d7fa..8bf7728 100644
--- a/transporter/router.go
+++ b/transporter/router.go
@@ -23,7 +23,7 @@ import (
 )
 
 func Routes(route *gin.Engine) {
-	t := route.Group("/transport", util.Authorize())
+	t := route.Group("/transporter", util.Authorize())
 	{
 		t.GET("/all", getAll)
 		t.DELETE("/:transportId", remove)
diff --git a/user/password.go b/user/password.go
index d667ebc..df3811b 100644
--- a/user/password.go
+++ b/user/password.go
@@ -26,7 +26,7 @@ import (
 	"net/http"
 )
 
-func checkPassword() gin.HandlerFunc {
+func CheckPassword() gin.HandlerFunc {
 	return func(ctx *gin.Context) {
 		var u User
 		ctx.BindJSON(&u)
diff --git a/user/router.go b/user/router.go
index ad9b4df..2614bf4 100644
--- a/user/router.go
+++ b/user/router.go
@@ -27,7 +27,7 @@ func Routes(route *gin.Engine) {
 	{
 		u.GET("/", util.Authorize(), getSelf)
 		u.POST("/new", validateMiddleware(), save)
-		u.PUT("/:userId", checkPassword(), modify)
-		u.DELETE("/:userId", checkPassword(), remove)
+		u.PUT("/:userId", CheckPassword(), modify)
+		u.DELETE("/:userId", CheckPassword(), remove)
 	}
 }
diff --git a/user/user.go b/user/user.go
index 30ae333..6fc6163 100644
--- a/user/user.go
+++ b/user/user.go
@@ -18,12 +18,15 @@
 package user
 
 import (
+	"errors"
+	"github.com/MikunoNaka/OpenBills-server/database"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 	"go.mongodb.org/mongo-driver/mongo"
-	"github.com/MikunoNaka/OpenBills-server/database"
-    "golang.org/x/crypto/bcrypt"
+	"golang.org/x/crypto/bcrypt"
 )
 
+var ErrUserNotFound error = errors.New("user does not exist")
+
 var db *mongo.Collection = database.DB.Collection("Users")
 
 // per-user config can be shared to DB
@@ -33,19 +36,19 @@ type Config struct {
 }
 
 type Session struct {
-	Name string `bson:"Name" json:"Name"`
+	Name  string `bson:"Name" json:"Name"`
 	Token string `bson:"Token" json:"Token"`
 }
 
 type User struct {
-    Id   primitive.ObjectID `bson:"_id,omitempty" json:"Id"`
-    UserName string         `bson:"UserName" json:"UserName"`
-    Email    string         `bson:"Email" json:"Email"`
-    Password string         `bson:"Password" json:"Password"`
-	Config   Config         `bson:"Config" json:"Config"`
-	Sessions []Session      `bson:"Sessions" json:"Sessions"`
+	Id       primitive.ObjectID `bson:"_id,omitempty" json:"Id"`
+	UserName string             `bson:"UserName" json:"UserName"`
+	Email    string             `bson:"Email" json:"Email"`
+	Password string             `bson:"Password" json:"Password"`
+	Config   Config             `bson:"Config" json:"Config"`
+	Sessions []Session          `bson:"Sessions" json:"Sessions"`
 	// some actions are only available when email is verified
-	Verified bool           `bson:"Verified" json:"Verified"`
+	Verified bool `bson:"Verified" json:"Verified"`
 }
 
 func (u *User) hashPassword() error {
diff --git a/util/authorize.go b/util/authorize.go
index ca6660e..6fb7a0c 100644
--- a/util/authorize.go
+++ b/util/authorize.go
@@ -53,7 +53,7 @@ func Authorize() gin.HandlerFunc {
 }
 
 // generate new access token
-func newAccessToken(userId string) (string, error) {
+func NewAccessToken(userId string) (string, error) {
 	claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
 		Issuer:    userId,
 		ExpiresAt: time.Now().Add(time.Second * 15).Unix(),
author	Vidhu Kant Sharma <vidhukant@vidhukant.xyz>	2023-01-29 20:45:43 +0530
committer	Vidhu Kant Sharma <vidhukant@vidhukant.xyz>	2023-01-29 20:45:43 +0530
commit	68629768cbb7c86fd4b118e7d555450297f3fb8a (patch)
tree	e5bb06635ddf50bc58e25bae931ac453a28f844a
parent	7ee07197f4fc5806e72a1aefd49c7a448c600cf4 (diff)