update refresh

This commit is contained in:
2026-07-06 12:58:27 +07:00
parent e4007eb15a
commit 57687d1d62
15 changed files with 483 additions and 66 deletions
+13
View File
@@ -60,3 +60,16 @@ func (s *server) Login(ctx context.Context, req *proto.LoginReq) (*proto.LoginRs
RefreshToken: refreshToken,
}, nil
}
func (s *server) Refresh(ctx context.Context, req *proto.RefreshReq) (*proto.RefreshRsp, error) {
accessToken, refreshToken, err := s.usersService.Refresh(ctx, req.RefreshToken)
if err != nil {
return &proto.RefreshRsp{
Error: err.Error(),
}, nil
}
return &proto.RefreshRsp{
AccessToken: accessToken,
RefreshToken: refreshToken,
}, nil
}
+6 -4
View File
@@ -5,15 +5,16 @@ import (
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
)
type processor struct {
secret string
secret []byte
}
func NewProcessor(secret string) IProcessorJWT {
return &processor{
secret: secret,
secret: []byte(secret),
}
}
@@ -32,7 +33,7 @@ func (p *processor) GenerateAccessToken(userId int, userEmail string, userRoles
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(p.secret))
return token.SignedString(p.secret)
}
func (p *processor) GenerateRefreshToken(userId int) (string, error) {
@@ -44,11 +45,12 @@ func (p *processor) GenerateRefreshToken(userId int) (string, error) {
ExpiresAt: jwt.NewNumericDate(now.Add(7 * 24 * time.Hour)),
IssuedAt: jwt.NewNumericDate(now),
NotBefore: jwt.NewNumericDate(now),
ID: uuid.New().String(),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(p.secret))
return token.SignedString(p.secret)
}
func (p *processor) GetClaims(token string) (*JWTClaims, error) {
+39 -6
View File
@@ -2,6 +2,7 @@ package refresh_tokens_repo
import (
"context"
"time"
"github.com/jackc/pgx/v5/pgxpool"
)
@@ -19,25 +20,57 @@ func NewRefreshTokensRepo(pool *pgxpool.Pool) *RefreshTokensRepo {
func (s *RefreshTokensRepo) AddRefreshToken(
ctx context.Context,
userId int,
refreshToken string,
expiresAt time.Time,
jti string,
) error {
_, err := s.pool.Exec(
ctx,
`INSERT INTO refresh_tokens (user_id, refresh_token) VALUES ($1, $2)`,
`INSERT INTO refresh_tokens (user_id, expires_at, jti)
VALUES ($1, $2, $3)`,
userId,
refreshToken,
expiresAt,
jti,
)
return err
}
func (s *RefreshTokensRepo) DeleteRefreshTokensByUserId(
func (s *RefreshTokensRepo) ExistsRefreshToken(
ctx context.Context,
userId int,
jti string,
now time.Time,
) (bool, error) {
var exists bool
err := s.pool.QueryRow(
ctx,
`SELECT EXISTS(
SELECT 1
FROM refresh_tokens
WHERE user_id = $1
AND jti = $2
AND expires_at > $3
)`,
userId,
jti,
now,
).Scan(&exists)
if err != nil {
return false, err
}
return exists, nil
}
func (s *RefreshTokensRepo) DeleteRefreshTokenByJti(
ctx context.Context,
jti string,
) error {
_, err := s.pool.Exec(
ctx,
`DELETE FROM refresh_tokens WHERE user_id = $1`,
userId,
`DELETE FROM refresh_tokens
WHERE jti = $1`,
jti,
)
return err
}
+1 -1
View File
@@ -5,6 +5,6 @@ type User struct {
Username string
Email string
PasswordHash string
Role string
Roles []string
IsActive bool
}
+35 -5
View File
@@ -28,11 +28,11 @@ func (s *UsersRepo) AddUser(
username string,
email string,
passwordHash string,
role string,
roles []string,
) error {
tag, err := s.pool.Exec(
ctx,
`INSERT INTO users (username, email, password_hash, role)
`INSERT INTO users (username, email, password_hash, roles)
SELECT $1, $2, $3, $4
WHERE NOT EXISTS (
SELECT 1 FROM users
@@ -41,7 +41,7 @@ func (s *UsersRepo) AddUser(
username,
email,
passwordHash,
role,
roles,
username,
email,
@@ -85,7 +85,7 @@ func (s *UsersRepo) GetUserByEmail(
user := &repos.User{}
row := s.pool.QueryRow(
ctx,
`SELECT id, username, email, password_hash, role, is_active
`SELECT id, username, email, password_hash, roles, is_active
FROM users
WHERE email = $1`,
email,
@@ -95,7 +95,37 @@ func (s *UsersRepo) GetUserByEmail(
&user.Username,
&user.Email,
&user.PasswordHash,
&user.Role,
&user.Roles,
&user.IsActive,
)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return nil, ErrUserNotFound
}
return nil, err
}
return user, nil
}
func (s *UsersRepo) GetUserByID(
ctx context.Context,
id int,
) (*repos.User, error) {
user := &repos.User{}
row := s.pool.QueryRow(
ctx,
`SELECT id, username, email, password_hash, roles, is_active
FROM users
WHERE id = $1`,
id,
)
err := row.Scan(
&user.ID,
&user.Username,
&user.Email,
&user.PasswordHash,
&user.Roles,
&user.IsActive,
)
if err != nil {
+54 -13
View File
@@ -9,7 +9,7 @@ import (
"evening_detective_server/internal/repos/refresh_tokens_repo"
"evening_detective_server/internal/repos/users_repo"
"fmt"
"strings"
"time"
"golang.org/x/crypto/bcrypt"
)
@@ -56,7 +56,7 @@ func (s *UsersService) AddUser(
username,
email,
string(hashedPassword),
"user",
[]string{"user"},
)
if err != nil {
return err
@@ -119,26 +119,67 @@ func (s *UsersService) Login(
return "", "", errors.New("Не верен email или пароль")
}
roles := strings.Split(user.Role, " ")
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, roles)
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, user.Roles)
if err != nil {
fmt.Println(err)
return "", "", errors.New("Не получилось получить доступ")
}
refreshToken, err := s.processorJWT.GenerateRefreshToken(user.ID)
if err != nil {
fmt.Println(err)
return "", "", errors.New("Не получилось получить доступ")
}
refreshTokenClaims, err := s.processorJWT.GetClaims(refreshToken)
if err != nil {
return "", "", errors.New("Не получилось получить доступ")
}
fmt.Println(accessToken, refreshToken)
if err := s.refreshTokensRepo.DeleteRefreshTokensByUserId(ctx, user.ID); err != nil {
return "", "", err
}
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshToken); err != nil {
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshTokenClaims.ExpiresAt.Time, refreshTokenClaims.ID); err != nil {
return "", "", err
}
return accessToken, refreshToken, nil
}
func (s *UsersService) Refresh(
ctx context.Context,
token string,
) (string, string, error) {
claims, err := s.processorJWT.GetClaims(token)
if err != nil {
return "", "", err
}
ok, err := s.refreshTokensRepo.ExistsRefreshToken(ctx, claims.UserID, claims.ID, time.Now())
if err != nil {
return "", "", err
}
if !ok {
return "", "", errors.New("Пользователь не найден")
}
if err := s.refreshTokensRepo.DeleteRefreshTokenByJti(ctx, claims.ID); err != nil {
return "", "", err
}
user, err := s.usersRepo.GetUserByID(ctx, claims.UserID)
if err != nil {
return "", "", err
}
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, user.Roles)
if err != nil {
return "", "", errors.New("Не получилось получить доступ")
}
refreshToken, err := s.processorJWT.GenerateRefreshToken(user.ID)
if err != nil {
return "", "", errors.New("Не получилось получить доступ")
}
refreshTokenClaims, err := s.processorJWT.GetClaims(refreshToken)
if err != nil {
return "", "", errors.New("Не получилось получить доступ")
}
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshTokenClaims.ExpiresAt.Time, refreshTokenClaims.ID); err != nil {
return "", "", err
}