generated from VLADIMIR/template
update refresh
This commit is contained in:
@@ -60,3 +60,16 @@ func (s *server) Login(ctx context.Context, req *proto.LoginReq) (*proto.LoginRs
|
||||
RefreshToken: refreshToken,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *server) Refresh(ctx context.Context, req *proto.RefreshReq) (*proto.RefreshRsp, error) {
|
||||
accessToken, refreshToken, err := s.usersService.Refresh(ctx, req.RefreshToken)
|
||||
if err != nil {
|
||||
return &proto.RefreshRsp{
|
||||
Error: err.Error(),
|
||||
}, nil
|
||||
}
|
||||
return &proto.RefreshRsp{
|
||||
AccessToken: accessToken,
|
||||
RefreshToken: refreshToken,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -5,15 +5,16 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
type processor struct {
|
||||
secret string
|
||||
secret []byte
|
||||
}
|
||||
|
||||
func NewProcessor(secret string) IProcessorJWT {
|
||||
return &processor{
|
||||
secret: secret,
|
||||
secret: []byte(secret),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +33,7 @@ func (p *processor) GenerateAccessToken(userId int, userEmail string, userRoles
|
||||
}
|
||||
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
return token.SignedString([]byte(p.secret))
|
||||
return token.SignedString(p.secret)
|
||||
}
|
||||
|
||||
func (p *processor) GenerateRefreshToken(userId int) (string, error) {
|
||||
@@ -44,11 +45,12 @@ func (p *processor) GenerateRefreshToken(userId int) (string, error) {
|
||||
ExpiresAt: jwt.NewNumericDate(now.Add(7 * 24 * time.Hour)),
|
||||
IssuedAt: jwt.NewNumericDate(now),
|
||||
NotBefore: jwt.NewNumericDate(now),
|
||||
ID: uuid.New().String(),
|
||||
},
|
||||
}
|
||||
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
return token.SignedString([]byte(p.secret))
|
||||
return token.SignedString(p.secret)
|
||||
}
|
||||
|
||||
func (p *processor) GetClaims(token string) (*JWTClaims, error) {
|
||||
|
||||
@@ -2,6 +2,7 @@ package refresh_tokens_repo
|
||||
|
||||
import (
|
||||
"context"
|
||||
"time"
|
||||
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
)
|
||||
@@ -19,25 +20,57 @@ func NewRefreshTokensRepo(pool *pgxpool.Pool) *RefreshTokensRepo {
|
||||
func (s *RefreshTokensRepo) AddRefreshToken(
|
||||
ctx context.Context,
|
||||
userId int,
|
||||
refreshToken string,
|
||||
expiresAt time.Time,
|
||||
jti string,
|
||||
) error {
|
||||
_, err := s.pool.Exec(
|
||||
ctx,
|
||||
`INSERT INTO refresh_tokens (user_id, refresh_token) VALUES ($1, $2)`,
|
||||
`INSERT INTO refresh_tokens (user_id, expires_at, jti)
|
||||
VALUES ($1, $2, $3)`,
|
||||
userId,
|
||||
refreshToken,
|
||||
expiresAt,
|
||||
jti,
|
||||
)
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *RefreshTokensRepo) DeleteRefreshTokensByUserId(
|
||||
func (s *RefreshTokensRepo) ExistsRefreshToken(
|
||||
ctx context.Context,
|
||||
userId int,
|
||||
jti string,
|
||||
now time.Time,
|
||||
) (bool, error) {
|
||||
var exists bool
|
||||
|
||||
err := s.pool.QueryRow(
|
||||
ctx,
|
||||
`SELECT EXISTS(
|
||||
SELECT 1
|
||||
FROM refresh_tokens
|
||||
WHERE user_id = $1
|
||||
AND jti = $2
|
||||
AND expires_at > $3
|
||||
)`,
|
||||
userId,
|
||||
jti,
|
||||
now,
|
||||
).Scan(&exists)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
return exists, nil
|
||||
}
|
||||
|
||||
func (s *RefreshTokensRepo) DeleteRefreshTokenByJti(
|
||||
ctx context.Context,
|
||||
jti string,
|
||||
) error {
|
||||
_, err := s.pool.Exec(
|
||||
ctx,
|
||||
`DELETE FROM refresh_tokens WHERE user_id = $1`,
|
||||
userId,
|
||||
`DELETE FROM refresh_tokens
|
||||
WHERE jti = $1`,
|
||||
jti,
|
||||
)
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -5,6 +5,6 @@ type User struct {
|
||||
Username string
|
||||
Email string
|
||||
PasswordHash string
|
||||
Role string
|
||||
Roles []string
|
||||
IsActive bool
|
||||
}
|
||||
|
||||
@@ -28,11 +28,11 @@ func (s *UsersRepo) AddUser(
|
||||
username string,
|
||||
email string,
|
||||
passwordHash string,
|
||||
role string,
|
||||
roles []string,
|
||||
) error {
|
||||
tag, err := s.pool.Exec(
|
||||
ctx,
|
||||
`INSERT INTO users (username, email, password_hash, role)
|
||||
`INSERT INTO users (username, email, password_hash, roles)
|
||||
SELECT $1, $2, $3, $4
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM users
|
||||
@@ -41,7 +41,7 @@ func (s *UsersRepo) AddUser(
|
||||
username,
|
||||
email,
|
||||
passwordHash,
|
||||
role,
|
||||
roles,
|
||||
|
||||
username,
|
||||
email,
|
||||
@@ -85,7 +85,7 @@ func (s *UsersRepo) GetUserByEmail(
|
||||
user := &repos.User{}
|
||||
row := s.pool.QueryRow(
|
||||
ctx,
|
||||
`SELECT id, username, email, password_hash, role, is_active
|
||||
`SELECT id, username, email, password_hash, roles, is_active
|
||||
FROM users
|
||||
WHERE email = $1`,
|
||||
email,
|
||||
@@ -95,7 +95,37 @@ func (s *UsersRepo) GetUserByEmail(
|
||||
&user.Username,
|
||||
&user.Email,
|
||||
&user.PasswordHash,
|
||||
&user.Role,
|
||||
&user.Roles,
|
||||
&user.IsActive,
|
||||
)
|
||||
if err != nil {
|
||||
if errors.Is(err, pgx.ErrNoRows) {
|
||||
return nil, ErrUserNotFound
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (s *UsersRepo) GetUserByID(
|
||||
ctx context.Context,
|
||||
id int,
|
||||
) (*repos.User, error) {
|
||||
user := &repos.User{}
|
||||
row := s.pool.QueryRow(
|
||||
ctx,
|
||||
`SELECT id, username, email, password_hash, roles, is_active
|
||||
FROM users
|
||||
WHERE id = $1`,
|
||||
id,
|
||||
)
|
||||
err := row.Scan(
|
||||
&user.ID,
|
||||
&user.Username,
|
||||
&user.Email,
|
||||
&user.PasswordHash,
|
||||
&user.Roles,
|
||||
&user.IsActive,
|
||||
)
|
||||
if err != nil {
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"evening_detective_server/internal/repos/refresh_tokens_repo"
|
||||
"evening_detective_server/internal/repos/users_repo"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
@@ -56,7 +56,7 @@ func (s *UsersService) AddUser(
|
||||
username,
|
||||
email,
|
||||
string(hashedPassword),
|
||||
"user",
|
||||
[]string{"user"},
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -119,26 +119,67 @@ func (s *UsersService) Login(
|
||||
return "", "", errors.New("Не верен email или пароль")
|
||||
}
|
||||
|
||||
roles := strings.Split(user.Role, " ")
|
||||
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, roles)
|
||||
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, user.Roles)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
|
||||
refreshToken, err := s.processorJWT.GenerateRefreshToken(user.ID)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
refreshTokenClaims, err := s.processorJWT.GetClaims(refreshToken)
|
||||
if err != nil {
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
|
||||
fmt.Println(accessToken, refreshToken)
|
||||
|
||||
if err := s.refreshTokensRepo.DeleteRefreshTokensByUserId(ctx, user.ID); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshToken); err != nil {
|
||||
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshTokenClaims.ExpiresAt.Time, refreshTokenClaims.ID); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
return accessToken, refreshToken, nil
|
||||
}
|
||||
|
||||
func (s *UsersService) Refresh(
|
||||
ctx context.Context,
|
||||
token string,
|
||||
) (string, string, error) {
|
||||
claims, err := s.processorJWT.GetClaims(token)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
ok, err := s.refreshTokensRepo.ExistsRefreshToken(ctx, claims.UserID, claims.ID, time.Now())
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
if !ok {
|
||||
return "", "", errors.New("Пользователь не найден")
|
||||
}
|
||||
if err := s.refreshTokensRepo.DeleteRefreshTokenByJti(ctx, claims.ID); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
user, err := s.usersRepo.GetUserByID(ctx, claims.UserID)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
accessToken, err := s.processorJWT.GenerateAccessToken(user.ID, user.Email, user.Roles)
|
||||
if err != nil {
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
|
||||
refreshToken, err := s.processorJWT.GenerateRefreshToken(user.ID)
|
||||
if err != nil {
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
refreshTokenClaims, err := s.processorJWT.GetClaims(refreshToken)
|
||||
if err != nil {
|
||||
return "", "", errors.New("Не получилось получить доступ")
|
||||
}
|
||||
|
||||
if err := s.refreshTokensRepo.AddRefreshToken(ctx, user.ID, refreshTokenClaims.ExpiresAt.Time, refreshTokenClaims.ID); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user