Implement refresh token endpoint

Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2026-05-09 21:36:23 +02:00
parent 19e47876f0
commit e58eba1b16
10 changed files with 356 additions and 148 deletions
--- a/api/v1/accounts_auth.go
+++ b/api/v1/accounts_auth.go
@@ -1,17 +1,77 @@
 package v1

 import (
+	"context"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/authorization"
 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
 	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
+	"github.com/golang/protobuf/ptypes/empty"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/emptypb"
 )

-func NewAccountAuthRPCImpl(ctrl *controllers.AccountController) *AccountsAuthServer {
+func NewAccountAuthRPCImpl(
+	accountsCtrl *controllers.AccountController,
+	authorizationCtrl *authorization.AuthController,
+) *AccountsAuthServer {
 	return &AccountsAuthServer{
-		ctrl: ctrl,
+		accountsCtrl:      accountsCtrl,
+		authorizationCtrl: authorizationCtrl,
 	}
 }

 type AccountsAuthServer struct {
 	accounts.UnimplementedAccountsAuthServiceServer
-	ctrl *controllers.AccountController
+	accountsCtrl      *controllers.AccountController
+	authorizationCtrl *authorization.AuthController
+}
+
+func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
+	claims, err := a.authorizationCtrl.ClaimsFromContext(ctx)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Context is invalid")
+	}
+
+	if claims.TokenType != authorization.TokenTypeRefresh {
+		return nil, status.Error(codes.Unauthenticated, "Invalid token")
+	}
+
+	session, err := a.authorizationCtrl.GetSession(ctx, claims.TokenID)
+	if err != nil {
+		return nil, status.Error(codes.Unauthenticated, "Session doesn't exists")
+	}
+
+	if session.UserID != claims.UserID {
+		return nil, status.Error(codes.Unauthenticated, "Invalid session")
+	}
+
+	accessToken, _, err := a.authorizationCtrl.GenerateToken(session.UserID, authorization.TokenTypeAccess)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
+	}
+
+	refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(session.UserID, authorization.TokenTypeRefresh)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
+	}
+
+	newSession := &authorization.Session{UserID: session.UserID}
+
+	if err := a.authorizationCtrl.SaveSession(ctx, tokenID, newSession); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't store session")
+	}
+
+	header := metadata.New(map[string]string{
+		"X-Access-Token":  accessToken,
+		"X-Refresh-Token": refreshToken,
+	})
+	if err := grpc.SetHeader(ctx, header); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't set metadata")
+	}
+
+	return &emptypb.Empty{}, nil
 }
--- a/api/v1/accounts_no_auth.go
+++ b/api/v1/accounts_no_auth.go
@@ -3,6 +3,7 @@ package v1
 import (
 	"context"

+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/authorization"
 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
 	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
 	"github.com/golang/protobuf/ptypes/empty"
@@ -13,32 +14,42 @@ import (
 	"google.golang.org/protobuf/types/known/emptypb"
 )

-func NewAccountNoAuthRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
+func NewAccountNoAuthRPCImpl(
+	accountsCtrl *controllers.AccountController,
+	authorizationCtrl *authorization.AuthController,
+) *AccountsNoAuthServer {
 	return &AccountsNoAuthServer{
-		ctrl: ctrl,
+		accountsCtrl:      accountsCtrl,
+		authorizationCtrl: authorizationCtrl,
 	}
 }

 type AccountsNoAuthServer struct {
 	accounts.UnimplementedAccountsNoAuthServiceServer
-	ctrl *controllers.AccountController
+	accountsCtrl      *controllers.AccountController
+	authorizationCtrl *authorization.AuthController
 }

 func (a *AccountsNoAuthServer) SignIn(ctx context.Context, in *accounts.SignInRequest) (*empty.Empty, error) {
-	id, err := a.ctrl.Login(ctx, in.GetEmail(), in.GetPassword())
+	id, err := a.accountsCtrl.Login(ctx, in.GetEmail(), in.GetPassword())
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't create a user")
 	}
-	accessToken, err := a.ctrl.GenerateAccessToken(id)
+	accessToken, _, err := a.authorizationCtrl.GenerateToken(id, authorization.TokenTypeAccess)
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

-	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, id)
+	refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(id, authorization.TokenTypeRefresh)
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

+	session := &authorization.Session{UserID: id}
+
+	if err := a.authorizationCtrl.SaveSession(ctx, tokenID, session); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't store session")
+	}
 	header := metadata.New(map[string]string{
 		"X-Access-Token":  accessToken,
 		"X-Refresh-Token": refreshToken,
@@ -55,21 +66,27 @@ func (a *AccountsNoAuthServer) SignUp(ctx context.Context, in *accounts.SignUpRe
 		Password: in.GetPassword(),
 		Email:    in.GetEmail(),
 	}
-	id, err := a.ctrl.Create(ctx, data)
+	id, err := a.accountsCtrl.Create(ctx, data)
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't create a user")
 	}

-	accessToken, err := a.ctrl.GenerateAccessToken(id)
+	accessToken, _, err := a.authorizationCtrl.GenerateToken(id, authorization.TokenTypeAccess)
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

-	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, id)
+	refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(id, authorization.TokenTypeRefresh)
 	if err != nil {
 		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

+	session := &authorization.Session{UserID: id}
+
+	if err := a.authorizationCtrl.SaveSession(ctx, tokenID, session); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't store session")
+	}
+
 	header := metadata.New(map[string]string{
 		"X-Access-Token":  accessToken,
 		"X-Refresh-Token": refreshToken,
@@ -79,33 +96,3 @@ func (a *AccountsNoAuthServer) SignUp(ctx context.Context, in *accounts.SignUpRe
 	}
 	return &emptypb.Empty{}, nil
 }
-
-func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
-	//uuid, err := a.ctrl.ValidateRefreshToken(ctx, , userID)
-	//if err != nil {
-	//	return nil, status.Error(codes.Unauthenticated, "refresh token is invalid")
-	//}
-	//accessToken, err := a.ctrl.GenerateAccessToken(uuid)
-	//if err != nil {
-	//	log.Error(err, "Couldn't generate an access token")
-	//	return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
-	//}
-
-	//refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, uuid)
-	//if err != nil {
-	//	log.Error(err, "Couldn't generate a refresh token")
-	//	return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
-	//}
-
-	//header := metadata.Pairs(
-	//	"access-token", accessToken,
-	//	"refreshToken", refreshToken,
-	//)
-
-	//if err := grpc.SetHeader(ctx, header); err != nil {
-	//	log.Error(err, "Couldn't set headers")
-	//	return nil, status.Error(codes.Unknown, "Couldn't set headers")
-	//}
-
-	return nil, status.Error(codes.Unimplemented, "Endpoint is not Unimplemented yet")
-}