Added support for renewal tokens
This commit is contained in:
parent
2c82969152
commit
a54b2eb847
|
@ -6,7 +6,6 @@ import (
|
|||
|
||||
"github.com/google/uuid"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gitlab.larvit.se/power-plan/auth/src/utils"
|
||||
)
|
||||
|
||||
// AccountCreate writes a user to database
|
||||
|
@ -112,21 +111,3 @@ func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, e
|
|||
|
||||
return account, nil
|
||||
}
|
||||
|
||||
// RenewalTokenGet obtain a new renewal token
|
||||
func (d Db) RenewalTokenGet(accountID string) (string, error) {
|
||||
logContext := log.WithFields(log.Fields{"accountID": accountID})
|
||||
|
||||
logContext.Debug("Creating new renewal token")
|
||||
|
||||
newToken := utils.RandString(60)
|
||||
|
||||
insertSQL := "INSERT INTO \"renewalTokens\" (\"accountId\",token) VALUES($1,$2);"
|
||||
_, insertErr := d.DbPool.Exec(context.Background(), insertSQL, accountID, newToken)
|
||||
if insertErr != nil {
|
||||
logContext.Error("Could not insert into database table \"renewalTokens\", err: " + insertErr.Error())
|
||||
return "", insertErr
|
||||
}
|
||||
|
||||
return newToken, nil
|
||||
}
|
||||
|
|
60
src/db/renewalTokens.go
Normal file
60
src/db/renewalTokens.go
Normal file
|
@ -0,0 +1,60 @@
|
|||
package db
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gitlab.larvit.se/power-plan/auth/src/utils"
|
||||
)
|
||||
|
||||
// RenewalTokenCreate obtain a new renewal token
|
||||
func (d Db) RenewalTokenCreate(accountID string) (string, error) {
|
||||
logContext := log.WithFields(log.Fields{"accountID": accountID})
|
||||
|
||||
logContext.Debug("Creating new renewal token")
|
||||
|
||||
newToken := utils.RandString(60)
|
||||
|
||||
insertSQL := "INSERT INTO \"renewalTokens\" (\"accountId\",token) VALUES($1,$2);"
|
||||
_, insertErr := d.DbPool.Exec(context.Background(), insertSQL, accountID, newToken)
|
||||
if insertErr != nil {
|
||||
logContext.Error("Could not insert into database table \"renewalTokens\", err: " + insertErr.Error())
|
||||
return "", insertErr
|
||||
}
|
||||
|
||||
return newToken, nil
|
||||
}
|
||||
|
||||
// RenewalTokenGet checks if a valid renewal token exists in database
|
||||
func (d Db) RenewalTokenGet(token string) (string, error) {
|
||||
log.Debug("Trying to get a renewal token")
|
||||
|
||||
sql := "SELECT \"accountId\" FROM \"renewalTokens\" WHERE exp >= now() AND token = $1"
|
||||
|
||||
var foundAccountID string
|
||||
err := d.DbPool.QueryRow(context.Background(), sql, token).Scan(&foundAccountID)
|
||||
if err != nil {
|
||||
if err.Error() == "no rows in result set" {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
log.Error("Database error when fetching renewal token, err: " + err.Error())
|
||||
return "", err
|
||||
}
|
||||
|
||||
return foundAccountID, nil
|
||||
}
|
||||
|
||||
// RenewalTokenRm removes a renewal token from the database
|
||||
func (d Db) RenewalTokenRm(token string) error {
|
||||
log.Debug("Trying to remove a renewal token")
|
||||
|
||||
sql := "DELETE FROM \"renewalTokens\" WHERE token = $1"
|
||||
_, err := d.DbPool.Exec(context.Background(), sql, token)
|
||||
if err != nil {
|
||||
log.Error("Database error when trying to remove token, err: " + err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -30,7 +30,7 @@ func (h Handlers) returnTokens(account db.Account, c *fiber.Ctx) error {
|
|||
return c.Status(500).JSON([]ResJSONError{{Error: "Could not create JWT token string"}})
|
||||
}
|
||||
|
||||
renewalToken, renewalTokenErr := h.Db.RenewalTokenGet(account.ID.String())
|
||||
renewalToken, renewalTokenErr := h.Db.RenewalTokenCreate(account.ID.String())
|
||||
if renewalTokenErr != nil {
|
||||
log.Error("Could not create renewal token, err: " + renewalTokenErr.Error())
|
||||
return c.Status(500).JSON([]ResJSONError{{Error: "Could not create renewal token"}})
|
||||
|
|
|
@ -114,3 +114,32 @@ func (h Handlers) AccountAuthPassword(c *fiber.Ctx) error {
|
|||
|
||||
return h.returnTokens(resolvedAccount, c)
|
||||
}
|
||||
|
||||
// TokenRenew creates a new renewal token and JWT from an old renewal token
|
||||
func (h Handlers) TokenRenew(c *fiber.Ctx) error {
|
||||
inputToken := string(c.Request().Body())
|
||||
inputToken = inputToken[1 : len(inputToken)-1]
|
||||
|
||||
foundAccountID, err := h.Db.RenewalTokenGet(inputToken)
|
||||
if err != nil {
|
||||
return c.Status(500).JSON([]ResJSONError{{Error: err.Error()}})
|
||||
} else if foundAccountID == "" {
|
||||
return c.Status(403).JSON([]ResJSONError{{Error: "Invalid token"}})
|
||||
}
|
||||
|
||||
resolvedAccount, accountErr := h.Db.AccountGet(foundAccountID, "", "")
|
||||
if accountErr != nil {
|
||||
if accountErr.Error() == "no rows in result set" {
|
||||
return c.Status(500).JSON([]ResJSONError{{Error: "Database missmatch. Token found, but account is missing."}})
|
||||
}
|
||||
log.Error("Something went wrong when trying to fetch account")
|
||||
return c.Status(500).JSON([]ResJSONError{{Error: "Something went wrong when trying to fetch account"}})
|
||||
}
|
||||
|
||||
rmErr := h.Db.RenewalTokenRm(inputToken)
|
||||
if rmErr != nil {
|
||||
return c.Status(500).JSON([]ResJSONError{{Error: "Could not remove old token, err: " + rmErr.Error()}})
|
||||
}
|
||||
|
||||
return h.returnTokens(resolvedAccount, c)
|
||||
}
|
||||
|
|
|
@ -77,6 +77,7 @@ func main() {
|
|||
app.Post("/account", handlers.AccountCreate)
|
||||
app.Post("/auth/api-key", handlers.AccountAuthAPIKey)
|
||||
app.Post("/auth/password", handlers.AccountAuthPassword)
|
||||
app.Post("/renew-token", handlers.TokenRenew)
|
||||
|
||||
log.WithFields(log.Fields{"WEB_BIND_HOST": os.Getenv("WEB_BIND_HOST")}).Info("Trying to start web server")
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user