From b0f5cefba592f6bc7166cdd5d83899dc2bbcb355 Mon Sep 17 00:00:00 2001 From: Vidhu Kant Sharma Date: Fri, 10 Oct 2025 17:29:30 +0530 Subject: added refresh token versioning --- auth/controller.go | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) (limited to 'auth/controller.go') diff --git a/auth/controller.go b/auth/controller.go index 7e3346e..05cdd9d 100644 --- a/auth/controller.go +++ b/auth/controller.go @@ -103,12 +103,13 @@ func handleSignIn (ctx *gin.Context) { } refreshToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256, - AuthClaims { + RefreshClaims { jwt.RegisteredClaims { IssuedAt: jwt.NewNumericDate(time.Now()), ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 6)), }, u.ID, + u.TokenVersion, }, ).SignedString(REFRESH_KEY) if err != nil { @@ -137,13 +138,34 @@ func handleRefresh (ctx *gin.Context) { return []byte(REFRESH_KEY), nil }) - claims, ok := tk.Claims.(*AuthClaims) + claims, ok := tk.Claims.(*RefreshClaims) if !ok { ctx.Error(errors.ErrUnauthorized) ctx.Abort() return } + // check token version + var u user.User + err := user.GetUser(&u, claims.UserID) + if err != nil { + if err == errors.ErrNotFound { + ctx.Error(errors.ErrUnauthorized) + ctx.Abort() + return + } else { + ctx.Error(err) + ctx.Abort() + return + } + } + if (u.TokenVersion != claims.Version) { + ctx.Error(errors.ErrSessionExpired) + ctx.Abort() + return + } + + if !tk.Valid { eat := claims.ExpiresAt.Unix() if eat != 0 && eat < time.Now().Unix() { @@ -156,8 +178,6 @@ func handleRefresh (ctx *gin.Context) { return } - // TODO: if token is valid, check if user even exists before generating authToken - authToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256, AuthClaims { jwt.RegisteredClaims { @@ -177,6 +197,5 @@ func handleRefresh (ctx *gin.Context) { ctx.JSON(http.StatusOK, gin.H{ "auth_token": authToken, "message": "success", - //"data": u, }) } -- cgit v1.2.3