Diffstat (limited to 'auth')
-rw-r--r--auth/auth.go6
-rw-r--r--auth/controller.go29
2 files changed, 30 insertions, 5 deletions
diff --git a/auth/auth.go b/auth/auth.go
index 7116a2c..4ac6445 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -26,6 +26,12 @@ type AuthClaims struct {
UserID uint `json:"userid"`
}
+type RefreshClaims struct {
+ jwt.RegisteredClaims
+ UserID uint `json:"userid"`
+ Version uint `json:"version"`
+}
+
type LoginReq struct {
AccountName string
Method string
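Review bot: RefreshClaims is exported but carries no doc comment, and since it now differs from AuthClaims only by the `version` claim the contract is worth stating: `// RefreshClaims is the payload of a refresh token. Version copies user.TokenVersion at issue time; handleRefresh rejects the token once the stored version no longer matches, which presumably is the intended revocation mechanism.` Note also that an auth token decoded into this struct yields Version 0, which equals the zero-value TokenVersion of a user whose version has never been bumped, so the version field by itself does not tell the two token kinds apart — that separation rests on REFRESH_KEY differing from the auth-token signing key, which this diff does not show. If the keys could ever coincide, a distinct token-type claim or a fixed Audience value on RefreshClaims would make the distinction explicit.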
diff --git a/auth/controller.go b/auth/controller.go
index 7e3346e..05cdd9d 100644
--- a/auth/controller.go
+++ b/auth/controller.go
@@ -103,12 +103,13 @@ func handleSignIn (ctx *gin.Context) {
}
refreshToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
- AuthClaims {
+ RefreshClaims {
jwt.RegisteredClaims {
IssuedAt: jwt.NewNumericDate(time.Now()),
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 6)),
},
u.ID,
+ u.TokenVersion,
},
).SignedString(REFRESH_KEY)
if err != nil {
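Review bot: The new `RefreshClaims {` literal is unkeyed, and its last two fields (`u.ID`, `u.TokenVersion`) are both `uint`, so swapping them compiles silently and only shows up as every refresh failing the version check at runtime. Keyed fields make the mapping explicit and survive future field reordering: `RefreshClaims{RegisteredClaims: jwt.RegisteredClaims{IssuedAt: ..., ExpiresAt: ...}, UserID: u.ID, Version: u.TokenVersion}`. go vet's composites check only flags unkeyed literals of types from other packages, so nothing catches this mechanically for a type declared in `auth`. handleSignIn begins before this hunk.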
@@ -137,13 +138,34 @@ func handleRefresh (ctx *gin.Context) {
return []byte(REFRESH_KEY), nil
})
- claims, ok := tk.Claims.(*AuthClaims)
+ claims, ok := tk.Claims.(*RefreshClaims)
if !ok {
ctx.Error(errors.ErrUnauthorized)
ctx.Abort()
return
}
+ // check token version
+ var u user.User
+ err := user.GetUser(&u, claims.UserID)
+ if err != nil {
+ if err == errors.ErrNotFound {
+ ctx.Error(errors.ErrUnauthorized)
+ ctx.Abort()
+ return
+ } else {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+ }
+ if (u.TokenVersion != claims.Version) {
+ ctx.Error(errors.ErrSessionExpired)
+ ctx.Abort()
+ return
+ }
+
+
if !tk.Valid {
eat := claims.ExpiresAt.Unix()
if eat != 0 && eat < time.Now().Unix() {
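Review bot: The new version check sits above `if !tk.Valid {`, so `user.GetUser(&u, claims.UserID)` and the `ErrSessionExpired` vs `ErrUnauthorized` distinction are driven by claims whose signature has not yet been accepted; unless the error from ParseWithClaims is handled earlier in the function (not visible in this hunk), an unsigned or forged refresh token lets any caller probe whether a user ID exists, learn its current TokenVersion by observing which error comes back, and cost the service a database round trip per attempt. Move the lookup and comparison below the `if !tk.Valid { … }` block, which closes in the next hunk, so only a token with a verified signature and unexpired `exp` reaches the database. While moving it, `err := user.GetUser(...)` can become an `if err := ...; err != nil` initializer — this also avoids a redeclaration conflict if `err` is already declared in this scope by ParseWithClaims — and gofmt would drop the parentheses in `if (u.TokenVersion != claims.Version)`. handleRefresh starts before and ends after this hunk.
```go
	if !tk.Valid {
		// … unchanged: expiry check / ErrUnauthorized handling …
	}

	// Only consult the database once signature and expiry have been accepted.
	var u user.User
	if err := user.GetUser(&u, claims.UserID); err != nil {
		// … unchanged: ErrNotFound → ErrUnauthorized, anything else propagated …
	}
	if u.TokenVersion != claims.Version {
		ctx.Error(errors.ErrSessionExpired)
		ctx.Abort()
		return
	}
	// … unchanged: authToken generation …
```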
@@ -156,8 +178,6 @@ func handleRefresh (ctx *gin.Context) {
return
}
- // TODO: if token is valid, check if user even exists before generating authToken
-
authToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
AuthClaims {
jwt.RegisteredClaims {
@@ -177,6 +197,5 @@ func handleRefresh (ctx *gin.Context) {
ctx.JSON(http.StatusOK, gin.H{
"auth_token": authToken,
"message": "success",
- //"data": u,
})
}