| author | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2025-10-10 17:29:30 +0530 | 
|---|---|---|
| committer | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2025-10-10 17:29:30 +0530 | 
| commit | b0f5cefba592f6bc7166cdd5d83899dc2bbcb355 (patch) | |
| tree | a14584ac41b4d9915813db7c63c95248cf8c3dab /auth/controller.go | |
| parent | 19c79de205674b0932b13162e779b311ac93444b (diff) | |
added refresh token versioning (v0.12.0)
Diffstat (limited to 'auth/controller.go')
| -rw-r--r-- | auth/controller.go | 29 | 
1 files changed, 24 insertions, 5 deletions
diff --git a/auth/controller.go b/auth/controller.go
index 7e3346e..05cdd9d 100644
--- a/auth/controller.go
+++ b/auth/controller.go
@@ -103,12 +103,13 @@ func handleSignIn (ctx *gin.Context) {
 	}
 	refreshToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
-		AuthClaims {
+		RefreshClaims {
 			jwt.RegisteredClaims {
 				IssuedAt: jwt.NewNumericDate(time.Now()),
 			  ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 6)),
 			},
 			u.ID,
+			u.TokenVersion,
 		},
 	).SignedString(REFRESH_KEY)
 	if err != nil {
@@ -137,13 +138,34 @@ func handleRefresh (ctx *gin.Context) {
 		return []byte(REFRESH_KEY), nil
 	})
-	claims, ok := tk.Claims.(*AuthClaims)
+	claims, ok := tk.Claims.(*RefreshClaims)
 	if !ok {
 		ctx.Error(errors.ErrUnauthorized)
 		ctx.Abort()
 		return
 	}
+	// check token version
+	var u user.User
+	err := user.GetUser(&u, claims.UserID)
+	if err != nil {
+		if err == errors.ErrNotFound {
+		  ctx.Error(errors.ErrUnauthorized)
+		  ctx.Abort()
+		  return
+		} else {
+		  ctx.Error(err)
+		  ctx.Abort()
+		  return
+		}
+	}
+	if (u.TokenVersion != claims.Version) {
+		ctx.Error(errors.ErrSessionExpired)
+		ctx.Abort()
+		return
+	}
+
+
 	if !tk.Valid {
 		eat := claims.ExpiresAt.Unix()
 		if eat != 0 && eat < time.Now().Unix() {
@@ -156,8 +178,6 @@ func handleRefresh (ctx *gin.Context) {
 		return
 	}
-	// TODO: if token is valid, check if user even exists before generating authToken
-
 	authToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
 		AuthClaims {
 			jwt.RegisteredClaims {
@@ -177,6 +197,5 @@ func handleRefresh (ctx *gin.Context) {
 	ctx.JSON(http.StatusOK, gin.H{
 		"auth_token": authToken,
 		"message": "success",
-		//"data": u,
 	})
 }
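Review bot: The RefreshClaims literal in handleSignIn is positional, so `u.ID` and the newly added `u.TokenVersion` are bound to fields by order alone; if the struct's fields are ever reordered the user ID could silently land in the version slot and the token would still sign. Keyed fields make the binding explicit: `RefreshClaims{RegisteredClaims: jwt.RegisteredClaims{...}, UserID: u.ID, Version: u.TokenVersion}` (the UserID and Version names are taken from the claims accesses in the handleRefresh hunk; the embedded field name is inferred from the promoted claims.ExpiresAt access and should be confirmed). handleSignIn begins and ends outside this hunk.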
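Review bot: The new token-version check in handleRefresh runs before the `if !tk.Valid` test, so user.GetUser is queried with a UserID taken from claims whose signature and expiry have not yet been accepted, and the three outcomes (ErrUnauthorized for an unknown user, ErrSessionExpired for a mismatched version, the later !tk.Valid path for a matching one) are distinguishable to a caller presenting an unsigned or expired token. Move the `// check token version` block, from `var u user.User` through the closing brace of the version comparison, to just after the `if !tk.Valid { ... }` block that ends before the `authToken` assignment, so the lookup and the comparison only happen for a token that has already passed validation. Within the block, `if (u.TokenVersion != claims.Version)` carries parentheses gofmt would strip, the `else` after a returning branch can be dropped so the happy path stays left-aligned, and the two added blank lines before `if !tk.Valid` exceed gofmt's single blank. handleRefresh begins before this hunk and continues after it.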