summaryrefslogtreecommitdiff
path: root/auth/refresh_middleware.go
diff options
context:
space:
mode:
Diffstat (limited to 'auth/refresh_middleware.go')
-rw-r--r--auth/refresh_middleware.go47
1 files changed, 47 insertions, 0 deletions
diff --git a/auth/refresh_middleware.go b/auth/refresh_middleware.go
new file mode 100644
index 0000000..00f73bf
--- /dev/null
+++ b/auth/refresh_middleware.go
@@ -0,0 +1,47 @@
+package auth
+
+import (
+ "github.com/golang-jwt/jwt/v4"
+ "go.mongodb.org/mongo-driver/bson/primitive"
+ "go.mongodb.org/mongo-driver/bson"
+ "github.com/MikunoNaka/OpenBills-server/user"
+ "github.com/gin-gonic/gin"
+ "context"
+ "net/http"
+)
+
+func verifyRefreshToken() gin.HandlerFunc {
+ return func(ctx *gin.Context) {
+ refreshToken, err := ctx.Cookie("refreshToken")
+ if err == nil {
+ token, err := jwt.ParseWithClaims(refreshToken, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
+ return []byte(refreshSecret), nil
+ })
+ if err != nil { // invalid token
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "refresh token expired"})
+ } else { // valid token
+ // convert id from string to ObjectID
+ id, _ := primitive.ObjectIDFromHex(token.Claims.(*jwt.StandardClaims).Issuer)
+
+ // check if user exists
+ var u user.User
+ if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil {
+ ctx.AbortWithStatusJSON(http.StatusNotFound, gin.H{"message": "user not found"})
+ } else {
+ // check if this refreshToken is in DB
+ for _, i := range u.Sessions {
+ if i.Token == refreshToken {
+ ctx.Set("user", u)
+ ctx.Next()
+ } else {
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "refresh token expired"})
+ }
+ }
+ }
+ }
+ } else {
+ // invalid Authorization header
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 01:46:05 +0000