Nikolai Rodionov
e58eba1b16
All checks were successful
ci/woodpecker/push/build Pipeline was successful
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
78 lines
2.4 KiB
Go
78 lines
2.4 KiB
Go
package v1
|
|
|
|
import (
|
|
"context"
|
|
|
|
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/authorization"
|
|
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
|
|
accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
|
|
"github.com/golang/protobuf/ptypes/empty"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
"google.golang.org/protobuf/types/known/emptypb"
|
|
)
|
|
|
|
func NewAccountAuthRPCImpl(
|
|
accountsCtrl *controllers.AccountController,
|
|
authorizationCtrl *authorization.AuthController,
|
|
) *AccountsAuthServer {
|
|
return &AccountsAuthServer{
|
|
accountsCtrl: accountsCtrl,
|
|
authorizationCtrl: authorizationCtrl,
|
|
}
|
|
}
|
|
|
|
type AccountsAuthServer struct {
|
|
accounts.UnimplementedAccountsAuthServiceServer
|
|
accountsCtrl *controllers.AccountController
|
|
authorizationCtrl *authorization.AuthController
|
|
}
|
|
|
|
func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
|
|
claims, err := a.authorizationCtrl.ClaimsFromContext(ctx)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Aborted, "Context is invalid")
|
|
}
|
|
|
|
if claims.TokenType != authorization.TokenTypeRefresh {
|
|
return nil, status.Error(codes.Unauthenticated, "Invalid token")
|
|
}
|
|
|
|
session, err := a.authorizationCtrl.GetSession(ctx, claims.TokenID)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Unauthenticated, "Session doesn't exists")
|
|
}
|
|
|
|
if session.UserID != claims.UserID {
|
|
return nil, status.Error(codes.Unauthenticated, "Invalid session")
|
|
}
|
|
|
|
accessToken, _, err := a.authorizationCtrl.GenerateToken(session.UserID, authorization.TokenTypeAccess)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
|
}
|
|
|
|
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(session.UserID, authorization.TokenTypeRefresh)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
|
}
|
|
|
|
newSession := &authorization.Session{UserID: session.UserID}
|
|
|
|
if err := a.authorizationCtrl.SaveSession(ctx, tokenID, newSession); err != nil {
|
|
return nil, status.Error(codes.Aborted, "Couldn't store session")
|
|
}
|
|
|
|
header := metadata.New(map[string]string{
|
|
"X-Access-Token": accessToken,
|
|
"X-Refresh-Token": refreshToken,
|
|
})
|
|
if err := grpc.SetHeader(ctx, header); err != nil {
|
|
return nil, status.Error(codes.Aborted, "Couldn't set metadata")
|
|
}
|
|
|
|
return &emptypb.Empty{}, nil
|
|
}
|