
     1  package oauth
     2  
     3  import (
     4  	"errors"
     5  	"time"
     6  
     7  	"github.com/RichardKnop/go-oauth2-server/models"
     8  	"github.com/RichardKnop/go-oauth2-server/session"
     9  	"github.com/jinzhu/gorm"
    10  )
    11  
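var (
	// ErrAccessTokenNotFound is returned by Authenticate when no access token
	// row matches the presented token string.
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired is returned by Authenticate when the matching
	// access token's ExpiresAt lies in the past.
	ErrAccessTokenExpired = errors.New("Access token expired")
)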
    18  
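// Authenticate looks up the access token whose token column equals the
// presented string and returns it if it exists and has not yet expired.
//
// As a side effect of every successful check it sets the expiry of the
// refresh tokens belonging to the same client (and, for user-bound tokens,
// the same user) to now + Oauth.RefreshTokenLifetime seconds, so refresh
// tokens slide forward for as long as valid access tokens keep being
// presented.
//
// It returns ErrAccessTokenNotFound when no row matches,
// ErrAccessTokenExpired when the row's ExpiresAt is in the past, and the
// underlying database error for any other lookup or update failure.
func (s *Service) Authenticate(token string) (*models.OauthAccessToken, error) {
	// Fetch the access token from the database. The lookup is parameterised,
	// so the caller-supplied token string never becomes part of the SQL text.
	accessToken := new(models.OauthAccessToken)
	lookup := s.db.Where("token = ?", token).First(accessToken)
	if lookup.RecordNotFound() {
		return nil, ErrAccessTokenNotFound
	}
	// Any other database failure must not be mistaken for a zero-valued
	// (and therefore "expired") token: surface it to the caller instead.
	if lookup.Error != nil {
		return nil, lookup.Error
	}

	// Check the access token hasn't expired
	if time.Now().UTC().After(accessToken.ExpiresAt) {
		return nil, ErrAccessTokenExpired
	}

	// Extend the expiry of this client's refresh tokens. Tokens stored with
	// a NULL user_id (presumably those issued without a resource owner) need
	// an IS NULL predicate, since "user_id = NULL" never matches.
	query := s.db.Model(new(models.OauthRefreshToken)).Where("client_id = ?", accessToken.ClientID.String)
	if accessToken.UserID.Valid {
		query = query.Where("user_id = ?", accessToken.UserID.String)
	} else {
		query = query.Where("user_id IS NULL")
	}
	increasedExpiresAt := gorm.NowFunc().Add(
		time.Duration(s.cnf.Oauth.RefreshTokenLifetime) * time.Second,
	)
	if err := query.UpdateColumn("expires_at", increasedExpiresAt).Error; err != nil {
		return nil, err
	}

	return accessToken, nil
}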
    51  
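// ClearUserTokens deletes the user's access and refresh tokens associated with
// this client id. The session's refresh token and access token strings are
// each resolved to their database row, and every token sharing that row's
// client_id / user_id pair is then deleted permanently (gorm's Unscoped
// delete is a hard delete, not a soft one).
//
// The method has no error return, so database failures are not surfaced: a
// token that cannot be resolved, or a failed delete, leaves the existing
// tokens in place. NOTE(review): callers cannot tell whether revocation
// actually happened; consider returning the error in a future API revision.
func (s *Service) ClearUserTokens(userSession *session.UserSession) {
	// Clear all refresh tokens with user_id and client_id
	refreshToken := new(models.OauthRefreshToken)
	lookup := models.OauthRefreshTokenPreload(s.db).Where("token = ?", userSession.RefreshToken).First(refreshToken)
	// Only delete when the lookup genuinely succeeded. Treating every error
	// other than "not found" as a hit would run the delete with the
	// zero-valued ClientID/UserID of the untouched struct.
	if lookup.Error == nil {
		s.db.Unscoped().Where("client_id = ? AND user_id = ?", refreshToken.ClientID, refreshToken.UserID).Delete(models.OauthRefreshToken{})
	}

	// Clear all access tokens with user_id and client_id
	accessToken := new(models.OauthAccessToken)
	lookup = models.OauthAccessTokenPreload(s.db).Where("token = ?", userSession.AccessToken).First(accessToken)
	if lookup.Error == nil {
		s.db.Unscoped().Where("client_id = ? AND user_id = ?", accessToken.ClientID, accessToken.UserID).Delete(models.OauthAccessToken{})
	}
}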