From 8d85b0f87590b0941dfb2d8815aa2c7b7462a89f Mon Sep 17 00:00:00 2001 From: Vidhu Kant Sharma Date: Sun, 4 Dec 2022 19:14:41 +0530 Subject: saving and checking refreshToken in DB --- auth/jwt.go | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'auth/jwt.go') diff --git a/auth/jwt.go b/auth/jwt.go index 2d2ea8e..66a4f12 100644 --- a/auth/jwt.go +++ b/auth/jwt.go @@ -18,11 +18,21 @@ package auth import ( - "github.com/golang-jwt/jwt/v4" + "github.com/MikunoNaka/OpenBills-server/user" "github.com/MikunoNaka/OpenBills-server/util" + "github.com/golang-jwt/jwt/v4" + "go.mongodb.org/mongo-driver/bson" + "go.mongodb.org/mongo-driver/bson/primitive" + + "context" + "errors" "time" ) +var ( + errUserNotFound error = errors.New("user does not exist") +) + var accessSecret []byte var refreshSecret []byte func init() { @@ -56,18 +66,30 @@ func newAccessToken(userId string) (string, error) { * for enhanced security */ func newRefreshToken(userId string) (string, int64, error) { - // TODO: store in DB - expiresAt := time.Now().Add(time.Hour * 12).Unix() + // convert id from string to ObjectID + id, _ := primitive.ObjectIDFromHex(userId) + // check if user exists + var u user.User + if err := db.FindOne(context.TODO(), bson.M{"_id": id}).Decode(&u); err != nil { + return "", 0, errUserNotFound + } + + // generate refresh token + expiresAt := time.Now().Add(time.Hour * 12).Unix() claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims { Issuer: userId, ExpiresAt: expiresAt, }) - token, err := claims.SignedString(refreshSecret) if err != nil { return "", expiresAt, err } + // store refresh token in db with unique session name for ease in identification + sessionName := time.Now().Format("01-02-2006.15:04:05") + "-" + u.UserName + u.Sessions = append(u.Sessions, user.Session{Name: sessionName, Token: token}) + db.UpdateOne(context.TODO(), bson.M{"_id": id}, bson.D{{"$set", u}}) + return token, expiresAt, nil } -- cgit v1.2.3