Implement refresh token logic with fingerprint + rotation

2022-01-23 01:24:41 +05:30
parent 0511e737ae
commit 7f18a3f634
50 changed files with 802 additions and 560 deletions
--- a/server/handlers/verify_email.go
+++ b/server/handlers/verify_email.go
@@ -5,9 +5,10 @@ import (
 	"strings"
 	"time"

-	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/authorizerdev/authorizer/server/sessionstore"
+	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/gin-gonic/gin"
 )
@@ -19,20 +20,20 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		errorRes := gin.H{
 			"message": "invalid token",
 		}
-		token := c.Query("token")
-		if token == "" {
+		tokenInQuery := c.Query("token")
+		if tokenInQuery == "" {
 			c.JSON(400, errorRes)
 			return
 		}

-		verificationRequest, err := db.Provider.GetVerificationRequestByToken(token)
+		verificationRequest, err := db.Provider.GetVerificationRequestByToken(tokenInQuery)
 		if err != nil {
 			c.JSON(400, errorRes)
 			return
 		}

 		// verify if token exists in db
-		claim, err := utils.VerifyVerificationToken(token)
+		claim, err := token.VerifyVerificationToken(tokenInQuery)
 		if err != nil {
 			c.JSON(400, errorRes)
 			return
@@ -56,13 +57,17 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		db.Provider.DeleteVerificationRequest(verificationRequest)

 		roles := strings.Split(user.Roles, ",")
-		refreshToken, _, _ := utils.CreateAuthToken(user, constants.TokenTypeRefreshToken, roles)
-
-		accessToken, _, _ := utils.CreateAuthToken(user, constants.TokenTypeAccessToken, roles)
-
-		session.SetUserSession(user.ID, accessToken, refreshToken)
+		authToken, err := token.CreateAuthToken(user, roles)
+		if err != nil {
+			c.JSON(400, gin.H{
+				"message": err.Error(),
+			})
+			return
+		}
+		sessionstore.SetUserSession(user.ID, authToken.FingerPrint, authToken.RefreshToken.Token)
+		cookie.SetCookie(c, authToken.AccessToken.Token, authToken.RefreshToken.Token, authToken.FingerPrintHash)
 		utils.SaveSessionInDB(user.ID, c)
-		utils.SetCookie(c, accessToken)
+
 		c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL)
 	}
 }