github.com/resonatecoop/id@v1.1.0-43/oauth/authenticate.go

github.com/resonatecoop/id@v1.1.0-43/oauth/authenticate.go (about)

     1  package oauth
     2  
     3  import (
     4  	"context"
     5  	"errors"
     6  	"time"
     7  
     8  	"github.com/google/uuid"
     9  	"github.com/resonatecoop/id/session"
    10  	"github.com/resonatecoop/id/util"
    11  	"github.com/resonatecoop/user-api/model"
    12  )
    13  
    14  var (
    15  	// ErrAccessTokenNotFound ...
    16  	ErrAccessTokenNotFound = errors.New("Access token not found")
    17  	// ErrAccessTokenExpired ...
    18  	ErrAccessTokenExpired = errors.New("Access token expired")
    19  )
    20  
    21  // Authenticate checks the access token is valid
    22  func (s *Service) Authenticate(token string) (*model.AccessToken, error) {
    23  	// Fetch the access token from the database
    24  	ctx := context.Background()
    25  	accessToken := new(model.AccessToken)
    26  
    27  	err := s.db.NewSelect().
    28  		Model(accessToken).
    29  		Where("token = ?", token).
    30  		Limit(1).
    31  		Scan(ctx)
    32  
    33  	// Not found
    34  	if err != nil {
    35  		return nil, ErrAccessTokenNotFound
    36  	}
    37  
    38  	// Check the access token hasn't expired
    39  	if time.Now().UTC().After(accessToken.ExpiresAt) {
    40  		return nil, ErrAccessTokenExpired
    41  	}
    42  
    43  	// Extend refresh token expiration database
    44  
    45  	increasedExpiresAt := time.Now().Add(
    46  		time.Duration(s.cnf.Oauth.RefreshTokenLifetime) * time.Second,
    47  	)
    48  
    49  	//var res sql.Result
    50  
    51  	//	err = GetOrCreateRefreshToken
    52  
    53  	if util.IsValidUUID(accessToken.UserID.String()) && accessToken.UserID != uuid.Nil {
    54  		_, err = s.db.NewUpdate().
    55  			Model(new(model.RefreshToken)).
    56  			Set("expires_at = ?", increasedExpiresAt).
    57  			Set("updated_at = ?", time.Now().UTC()).
    58  			Where("client_id = ?", accessToken.ClientID.String()).
    59  			Where("user_id = ?", accessToken.UserID.String()).
    60  			Exec(ctx)
    61  	} else {
    62  		_, err = s.db.NewUpdate().
    63  			Model(new(model.RefreshToken)).
    64  			Set("expires_at = ?", increasedExpiresAt).
    65  			Set("updated_at = ?", time.Now().UTC()).
    66  			Where("client_id = ?", accessToken.ClientID.String()).
    67  			Where("user_id = uuid_nil()").
    68  			Exec(ctx)
    69  	}
    70  
    71  	if err != nil {
    72  		return nil, err
    73  	}
    74  
    75  	return accessToken, nil
    76  }
    77  
    78  // ClearUserTokens deletes the user's access and refresh tokens associated with this client id
    79  func (s *Service) ClearUserTokens(userSession *session.UserSession) {
    80  	// Clear all refresh tokens with user_id and client_id
    81  	ctx := context.Background()
    82  	refreshToken := new(model.RefreshToken)
    83  
    84  	err := s.db.NewSelect().
    85  		Model(refreshToken).
    86  		Where("token = ?", userSession.RefreshToken).
    87  		Limit(1).
    88  		Scan(ctx)
    89  
    90  	// Found
    91  	if err == nil {
    92  		_, err = s.db.NewDelete().
    93  			Model(refreshToken).
    94  			Where("client_id = ? AND user_id = ?", refreshToken.ClientID, refreshToken.UserID).
    95  			Exec(ctx)
    96  	}
    97  
    98  	// Clear all access tokens with user_id and client_id
    99  	accessToken := new(model.AccessToken)
   100  
   101  	err = s.db.NewSelect().
   102  		Model(accessToken).
   103  		Where("token = ?", userSession.AccessToken).
   104  		Limit(1).
   105  		Scan(ctx)
   106  
   107  	// Found
   108  	if err == nil {
   109  		_, err = s.db.NewDelete().
   110  			Model(accessToken).
   111  			Where("client_id = ? AND user_id = ?", accessToken.ClientID, accessToken.UserID).
   112  			Exec(ctx)
   113  	}
   114  }