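package oauth

import (
	"errors"
	"time"

	"github.com/RichardKnop/go-oauth2-server/models"
	"github.com/RichardKnop/go-oauth2-server/session"
	"github.com/jinzhu/gorm"
)

var (
	// ErrAccessTokenNotFound is returned by Authenticate when no access token
	// row matches the presented token string.
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired is returned by Authenticate when the matching
	// access token's expires_at lies in the past.
	ErrAccessTokenExpired = errors.New("Access token expired")
)

// Authenticate checks the access token is valid.
//
// The token is looked up by exact value through a parameterised query and
// rejected if it has expired. On success the refresh tokens belonging to the
// same client (and to the same user when the access token is bound to one)
// get their expires_at pushed forward by the configured refresh token
// lifetime.
//
// NOTE(review): because every successful call extends the refresh tokens of
// the whole client/user pair, a refresh token never expires while any access
// token for that pair keeps being presented; confirm this sliding-window
// behaviour is intended.
//
// Returns ErrAccessTokenNotFound when no row matches, ErrAccessTokenExpired
// when the token is past its expiry, and the underlying database error for
// any other lookup or update failure. A non-nil error is always paired with
// a nil token.
func (s *Service) Authenticate(token string) (*models.OauthAccessToken, error) {
	// Fetch the access token from the database
	accessToken := new(models.OauthAccessToken)
	result := s.db.Where("token = ?", token).First(accessToken)

	// Not found
	if result.RecordNotFound() {
		return nil, ErrAccessTokenNotFound
	}
	// Any other query failure (e.g. a lost connection) must not be reported
	// as an expired token: accessToken would still be the zero value and the
	// expiry test below would pass it off as ErrAccessTokenExpired, hiding
	// the real cause from callers and operators.
	if result.Error != nil {
		return nil, result.Error
	}

	// Check the access token hasn't expired
	if time.Now().UTC().After(accessToken.ExpiresAt) {
		return nil, ErrAccessTokenExpired
	}

	// Extend refresh token expiration in the database
	query := s.db.Model(new(models.OauthRefreshToken)).Where("client_id = ?", accessToken.ClientID.String)
	if accessToken.UserID.Valid {
		query = query.Where("user_id = ?", accessToken.UserID.String)
	} else {
		// Tokens not bound to a user have a NULL user_id; "user_id = ?" with
		// a NULL would match nothing, so the IS NULL form is needed here.
		query = query.Where("user_id IS NULL")
	}
	increasedExpiresAt := gorm.NowFunc().Add(
		time.Duration(s.cnf.Oauth.RefreshTokenLifetime) * time.Second,
	)
	if err := query.UpdateColumn("expires_at", increasedExpiresAt).Error; err != nil {
		return nil, err
	}

	return accessToken, nil
}

// ClearUserTokens deletes the user's access and refresh tokens associated with
// this client id.
//
// The (client_id, user_id) pair is resolved from the session's refresh token
// and from its access token separately, and each half is only deleted when
// its token row was actually loaded. Unscoped deletes are used so revoked
// rows are removed rather than left as soft-deleted records.
//
// NOTE(review): the signature returns nothing, so lookup or delete errors are
// not surfaced and a failed revocation is silent to the caller.
func (s *Service) ClearUserTokens(userSession *session.UserSession) {
	// Clear all refresh tokens with user_id and client_id.
	// "found" requires a clean lookup (Error == nil), not merely "not
	// RecordNotFound": on any other database error the struct would still
	// be zero-valued and the delete below would run against empty
	// client_id/user_id values instead of being skipped.
	refreshToken := new(models.OauthRefreshToken)
	found := models.OauthRefreshTokenPreload(s.db).Where("token = ?", userSession.RefreshToken).First(refreshToken).Error == nil
	if found {
		s.db.Unscoped().Where("client_id = ? AND user_id = ?", refreshToken.ClientID, refreshToken.UserID).Delete(models.OauthRefreshToken{})
	}

	// Clear all access tokens with user_id and client_id
	accessToken := new(models.OauthAccessToken)
	found = models.OauthAccessTokenPreload(s.db).Where("token = ?", userSession.AccessToken).First(accessToken).Error == nil
	if found {
		s.db.Unscoped().Where("client_id = ? AND user_id = ?", accessToken.ClientID, accessToken.UserID).Delete(models.OauthAccessToken{})
	}
}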