2021-07-17 21:59:50 +05:30
|
|
|
package resolvers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
2021-07-21 13:36:26 +05:30
|
|
|
"time"
|
2021-07-17 21:59:50 +05:30
|
|
|
|
2021-09-20 10:36:26 +05:30
|
|
|
"github.com/authorizerdev/authorizer/server/constants"
|
2021-07-23 21:57:44 +05:30
|
|
|
"github.com/authorizerdev/authorizer/server/db"
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/enum"
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/graph/model"
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/session"
|
|
|
|
|
"github.com/authorizerdev/authorizer/server/utils"
|
2021-07-17 21:59:50 +05:30
|
|
|
)
|
|
|
|
|
|
2021-12-23 14:17:44 +05:30
|
|
|
func Session(ctx context.Context, roles []string) (*model.AuthResponse, error) {
|
2021-07-28 15:43:08 +05:30
|
|
|
var res *model.AuthResponse
|
2021-07-28 13:25:52 +05:30
|
|
|
|
|
|
|
|
gc, err := utils.GinContextFromContext(ctx)
|
2021-07-17 21:59:50 +05:30
|
|
|
if err != nil {
|
|
|
|
|
return res, err
|
|
|
|
|
}
|
|
|
|
|
token, err := utils.GetAuthToken(gc)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return res, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
claim, accessTokenErr := utils.VerifyAuthToken(token)
|
2021-09-20 10:36:26 +05:30
|
|
|
expiresAt := claim["exp"].(int64)
|
|
|
|
|
email := fmt.Sprintf("%v", claim["email"])
|
2021-07-17 21:59:50 +05:30
|
|
|
|
2021-09-20 10:36:26 +05:30
|
|
|
user, err := db.Mgr.GetUserByEmail(email)
|
2021-07-17 21:59:50 +05:30
|
|
|
if err != nil {
|
|
|
|
|
return res, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-07 14:11:26 +05:30
|
|
|
userIdStr := fmt.Sprintf("%v", user.ID)
|
2021-07-17 21:59:50 +05:30
|
|
|
|
2021-10-27 23:15:38 +05:30
|
|
|
sessionToken := session.GetToken(userIdStr, token)
|
2021-07-17 21:59:50 +05:30
|
|
|
|
|
|
|
|
if sessionToken == "" {
|
2021-07-18 09:25:20 +05:30
|
|
|
return res, fmt.Errorf(`unauthorized`)
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
|
|
|
|
|
2021-07-21 13:36:26 +05:30
|
|
|
expiresTimeObj := time.Unix(expiresAt, 0)
|
|
|
|
|
currentTimeObj := time.Now()
|
2021-10-13 22:11:41 +05:30
|
|
|
|
2021-12-31 13:52:10 +05:30
|
|
|
claimRoleInterface := claim[constants.EnvData.JWT_ROLE_CLAIM].([]interface{})
|
2021-10-13 22:11:41 +05:30
|
|
|
claimRoles := make([]string, len(claimRoleInterface))
|
|
|
|
|
for i, v := range claimRoleInterface {
|
|
|
|
|
claimRoles[i] = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(roles) > 0 {
|
|
|
|
|
for _, v := range roles {
|
2021-10-19 12:57:59 +05:30
|
|
|
if !utils.StringSliceContains(claimRoles, v) {
|
2021-10-13 22:11:41 +05:30
|
|
|
return res, fmt.Errorf(`unauthorized`)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-21 13:36:26 +05:30
|
|
|
if accessTokenErr != nil || expiresTimeObj.Sub(currentTimeObj).Minutes() <= 5 {
|
2021-07-17 21:59:50 +05:30
|
|
|
// if access token has expired and refresh/session token is valid
|
|
|
|
|
// generate new accessToken
|
2021-10-27 23:15:38 +05:30
|
|
|
currentRefreshToken := session.GetToken(userIdStr, token)
|
2021-12-17 21:25:07 +05:30
|
|
|
session.DeleteVerificationRequest(userIdStr, token)
|
2021-10-13 22:11:41 +05:30
|
|
|
token, expiresAt, _ = utils.CreateAuthToken(user, enum.AccessToken, claimRoles)
|
2021-10-27 23:15:38 +05:30
|
|
|
session.SetToken(userIdStr, token, currentRefreshToken)
|
2021-12-23 10:31:52 +05:30
|
|
|
utils.CreateSession(user.ID, gc)
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
2021-10-13 22:11:41 +05:30
|
|
|
|
2021-07-17 21:59:50 +05:30
|
|
|
utils.SetCookie(gc, token)
|
2021-07-28 15:43:08 +05:30
|
|
|
res = &model.AuthResponse{
|
2021-12-22 10:51:12 +05:30
|
|
|
Message: `Token verified`,
|
|
|
|
|
AccessToken: &token,
|
|
|
|
|
ExpiresAt: &expiresAt,
|
2021-12-24 06:35:02 +05:30
|
|
|
User: utils.GetResponseUserData(user),
|
2021-07-17 21:59:50 +05:30
|
|
|
}
|
|
|
|
|
return res, nil
|
|
|
|
|
}
|
