package auth
import (
"fmt"
"net/http"
"strings"
"time"
"github.com/mnrva-dev/owltier.com/server/db"
"github.com/mnrva-dev/owltier.com/server/jsend"
"github.com/mnrva-dev/owltier.com/server/middleware"
"github.com/mnrva-dev/owltier.com/server/token"
)
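// Refresh rotates the caller's session tokens.
//
// It reads the user and the presented refresh token from the request context
// (both are expected to have been placed there by the token parse middleware),
// rejects the request with 401 when the presented token differs from the one
// stored on the user, and otherwise generates a new access/refresh pair,
// records the new refresh token through db.Update and sets both cookies.
func Refresh(w http.ResponseWriter, r *http.Request) {
	// Checked assertion: if this handler is ever routed without the token
	// parse middleware, the context value is absent and an unchecked
	// assertion would panic on attacker-reachable input.
	vals, ok := r.Context().Value(middleware.ContextKeyValues).(*middleware.Values)
	if !ok || vals == nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	// NOTE(review): err.Error() is returned to the client in the two error
	// paths below; confirm these errors never carry internal detail.
	user, err := vals.GetUser()
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	t, err := vals.GetRefreshToken()
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if user.Refresh != t {
		// Neither token is written to stdout or logs here: the stored value
		// is a live credential and would be exposed to anyone who can read
		// the process output.
		http.Error(w, "Token mismatch", http.StatusUnauthorized)
		return
	}

	// Issue a fresh pair so the presented refresh token is replaced.
	accessT := token.GenerateAccess(user)
	refreshT := token.GenerateRefresh(user)
	// NOTE(review): the result of db.Update is not checked here. If the write
	// can fail, the client ends up holding a refresh token the store does not
	// know about; confirm the signature and handle the failure.
	db.Update(user, "RefreshToken", refreshT)

	// NOTE(review): neither cookie sets SameSite; confirm the intended
	// cross-site behaviour and set it explicitly.
	http.SetCookie(w, &http.Cookie{
		Name:     "_owltier.com_auth",
		Value:    accessT,
		Path:     "/",
		Expires:  time.Now().Add(time.Hour),
		HttpOnly: true,
		Secure:   true,
	})
	http.SetCookie(w, &http.Cookie{
		Name: "_owltier.com_refresh",
		// The refresh cookie must carry the refresh token that was just
		// stored, not the access token; otherwise the next call to this
		// handler can never match the stored value.
		Value: refreshT,
		Path:  "/",
		// NOTE(review): same one-hour lifetime as the access cookie; confirm
		// this is the intended refresh-token lifetime.
		Expires:  time.Now().Add(time.Hour),
		HttpOnly: true,
		Secure:   true,
	})
	jsend.Success(w, nil)
}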
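// Validate checks the bearer token in the Authorization header.
//
// It answers 401 when the scheme is not "bearer" (case-insensitive), 400 when
// no token follows the scheme, 401 when token.ValidateAccess rejects the token
// or its claims are not of type "Access", and a jsend success otherwise.
func Validate(w http.ResponseWriter, r *http.Request) {
	header := r.Header.Get("Authorization")
	headerVals := strings.Split(header, " ")
	if !strings.EqualFold(headerVals[0], "bearer") {
		w.WriteHeader(http.StatusUnauthorized)
		fmt.Fprint(w, "Bad Authorization Scheme")
		// Stop here: without this return a request with another scheme (or no
		// header at all) would continue into token validation below.
		return
	}
	// Split yields a single element when the header has no space, so the
	// length is checked before indexing to avoid an out-of-range panic on a
	// client-controlled header.
	if len(headerVals) < 2 || headerVals[1] == "" {
		w.WriteHeader(http.StatusBadRequest)
		fmt.Fprint(w, "No Token Provided")
		return
	}
	t := headerVals[1]

	claims, err := token.ValidateAccess(t)
	if err != nil {
		w.WriteHeader(http.StatusUnauthorized)
		fmt.Fprint(w, "Unauthorized")
		return
	}

	// A token that validates but is not an access token (for example a
	// refresh token) is rejected the same way as an invalid one.
	if claims.Type != "Access" {
		w.WriteHeader(http.StatusUnauthorized)
		fmt.Fprint(w, "Unauthorized")
		return
	}
	jsend.Success(w, nil)
}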