summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
authorVidhu Kant Sharma <vidhukant@vidhukant.xyz>2023-01-29 20:45:43 +0530
committerVidhu Kant Sharma <vidhukant@vidhukant.xyz>2023-01-29 20:45:43 +0530
commit68629768cbb7c86fd4b118e7d555450297f3fb8a (patch)
treee5bb06635ddf50bc58e25bae931ac453a28f844a /user
parent7ee07197f4fc5806e72a1aefd49c7a448c600cf4 (diff)
moved refresh mechanism to package auth
Diffstat (limited to 'user')
-rw-r--r--user/password.go2
-rw-r--r--user/refresh.go117
-rw-r--r--user/router.go4
-rw-r--r--user/user.go23
4 files changed, 16 insertions, 130 deletions
diff --git a/user/password.go b/user/password.go
index d667ebc..df3811b 100644
--- a/user/password.go
+++ b/user/password.go
@@ -26,7 +26,7 @@ import (
"net/http"
)
-func checkPassword() gin.HandlerFunc {
+func CheckPassword() gin.HandlerFunc {
return func(ctx *gin.Context) {
var u User
ctx.BindJSON(&u)
diff --git a/user/refresh.go b/user/refresh.go
deleted file mode 100644
index 72a7655..0000000
--- a/user/refresh.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/* OpenBills-server - Server for libre billing software OpenBills-web
- * Copyright (C) 2022 Vidhu Kant Sharma <vidhukant@vidhukant.xyz>
-
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-package user
-
-import (
- "context"
- "errors"
- "fmt"
- "github.com/MikunoNaka/OpenBills-server/util"
- "github.com/gin-gonic/gin"
- "github.com/golang-jwt/jwt/v4"
- "go.mongodb.org/mongo-driver/bson"
- "go.mongodb.org/mongo-driver/bson/primitive"
- "net/http"
- "time"
-)
-
-var (
- errUserNotFound error = errors.New("user does not exist")
- refreshSecret []byte
-)
-
-func init() {
- conf := util.GetConfig().Crypto
- refreshSecret = []byte(conf.RefreshTokenSecret)
-}
-
-// middleware to check refresh token
-func verifyRefreshToken() gin.HandlerFunc {
- return func(ctx *gin.Context) {
- refreshToken, err := ctx.Cookie("refreshToken")
- fmt.Println(refreshToken)
- if err == nil {
- token, err := jwt.ParseWithClaims(refreshToken, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
- return []byte(refreshSecret), nil
- })
- if err != nil { // invalid token
- ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "invalid token"})
- } else { // valid token
- // convert id from string to ObjectID
- id, _ := primitive.ObjectIDFromHex(token.Claims.(*jwt.StandardClaims).Issuer)
-
- // check if user exists
- var u User
- if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil {
- ctx.AbortWithStatusJSON(http.StatusNotFound, gin.H{"message": "user not found"})
- } else {
- // check if this refreshToken is in DB
- for _, i := range u.Sessions {
- if i.Token == refreshToken {
- ctx.Set("user", u)
- ctx.Next()
- }
- }
- ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "refresh token expired"})
- }
- }
- } else {
- // invalid Authorization header
- ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
- }
- }
-}
-
-/*
- * the refresh token has a long lifespan and is stored in
- * the database in case it needs to be revoked.
- *
- * this can be stored as an HTTP only cookie and will be used
- * when creating a new access token
- *
- * I'm using a different secret key for refresh tokens
- * for enhanced security
- */
-func newRefreshToken(userId string) (string, int64, error) {
- // convert id from string to ObjectID
- id, _ := primitive.ObjectIDFromHex(userId)
-
- // check if user exists
- var u User
- if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil {
- return "", 0, errUserNotFound
- }
-
- // generate refresh token
- expiresAt := time.Now().Add(time.Hour * 12).Unix()
- claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
- Issuer: userId,
- ExpiresAt: expiresAt,
- })
- token, err := claims.SignedString(refreshSecret)
- if err != nil {
- return "", expiresAt, err
- }
-
- // store refresh token in db with unique session name for ease in identification
- sessionName := time.Now().Format("01-02-2006.15:04:05") + "-" + u.UserName
- u.Sessions = append(u.Sessions, Session{Name: sessionName, Token: token})
- db.UpdateOne(context.TODO(), bson.M{"_id": id}, bson.D{{"$set", u}})
-
- return token, expiresAt, nil
-}
diff --git a/user/router.go b/user/router.go
index ad9b4df..2614bf4 100644
--- a/user/router.go
+++ b/user/router.go
@@ -27,7 +27,7 @@ func Routes(route *gin.Engine) {
{
u.GET("/", util.Authorize(), getSelf)
u.POST("/new", validateMiddleware(), save)
- u.PUT("/:userId", checkPassword(), modify)
- u.DELETE("/:userId", checkPassword(), remove)
+ u.PUT("/:userId", CheckPassword(), modify)
+ u.DELETE("/:userId", CheckPassword(), remove)
}
}
diff --git a/user/user.go b/user/user.go
index 30ae333..6fc6163 100644
--- a/user/user.go
+++ b/user/user.go
@@ -18,12 +18,15 @@
package user
import (
+ "errors"
+ "github.com/MikunoNaka/OpenBills-server/database"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo"
- "github.com/MikunoNaka/OpenBills-server/database"
- "golang.org/x/crypto/bcrypt"
+ "golang.org/x/crypto/bcrypt"
)
+var ErrUserNotFound error = errors.New("user does not exist")
+
var db *mongo.Collection = database.DB.Collection("Users")
// per-user config can be shared to DB
@@ -33,19 +36,19 @@ type Config struct {
}
type Session struct {
- Name string `bson:"Name" json:"Name"`
+ Name string `bson:"Name" json:"Name"`
Token string `bson:"Token" json:"Token"`
}
type User struct {
- Id primitive.ObjectID `bson:"_id,omitempty" json:"Id"`
- UserName string `bson:"UserName" json:"UserName"`
- Email string `bson:"Email" json:"Email"`
- Password string `bson:"Password" json:"Password"`
- Config Config `bson:"Config" json:"Config"`
- Sessions []Session `bson:"Sessions" json:"Sessions"`
+ Id primitive.ObjectID `bson:"_id,omitempty" json:"Id"`
+ UserName string `bson:"UserName" json:"UserName"`
+ Email string `bson:"Email" json:"Email"`
+ Password string `bson:"Password" json:"Password"`
+ Config Config `bson:"Config" json:"Config"`
+ Sessions []Session `bson:"Sessions" json:"Sessions"`
// some actions are only available when email is verified
- Verified bool `bson:"Verified" json:"Verified"`
+ Verified bool `bson:"Verified" json:"Verified"`
}
func (u *User) hashPassword() error {