diff --git a/internal/httpserver/httpServer.go b/internal/httpserver/httpServer.go index 5d45e1d..a934b55 100644 --- a/internal/httpserver/httpServer.go +++ b/internal/httpserver/httpServer.go @@ -23,6 +23,10 @@ import ( types "git.kapelle.org/niklas/s3browser/internal/types" ) +var ( + tokenExp = int64((time.Hour * 23).Seconds()) +) + type cookieExtractor struct { Name string } @@ -77,14 +81,17 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) { token := r.Context().Value("jwt") + refreshTokenIfNeeded(rw, r) gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r) }) r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) { + refreshTokenIfNeeded(rw, r) httpGetFile(resolveContext, rw, r) }).Methods("GET") r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) { + refreshTokenIfNeeded(rw, r) httpPostFile(resolveContext, rw, r) }).Methods("POST") @@ -92,8 +99,6 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str r.HandleFunc("/api/logout", logout).Methods("POST") - r.HandleFunc("/api/refresh", refreshToken).Methods("POST") - // Init the embedded static files initStatic(r) @@ -243,32 +248,31 @@ func logout(rw http.ResponseWriter, r *http.Request) { rw.WriteHeader(http.StatusNoContent) } -func refreshToken(rw http.ResponseWriter, r *http.Request) { - if helper.IsAuthenticated(r.Context()) { - rw.WriteHeader(http.StatusUnauthorized) +func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) { + currentToken, ok := r.Context().Value("jwt").(*jwt.Token) + + if !ok && currentToken == nil { return } - oldToken, ok := r.Context().Value("jwt").(*jwt.Token) + claims, ok := currentToken.Claims.(*types.JWTClaims) if !ok { - rw.WriteHeader(http.StatusInternalServerError) + log.Error("Failed to refresh JWT") return } - claims, ok := oldToken.Claims.(*types.JWTClaims) - - if !ok { - rw.WriteHeader(http.StatusInternalServerError) + // Refresh only if token older than 1 hour + if (claims.ExpiresAt - time.Now().Unix()) > tokenExp { return } - token := helper.CreateJWT(claims) + newToken := helper.CreateJWT(claims) - tokenString, err := token.SignedString([]byte("TODO")) + tokenString, err := newToken.SignedString([]byte("TODO")) if err != nil { - rw.WriteHeader(http.StatusInternalServerError) + log.Error("Failed to refresh JWT") return } @@ -282,4 +286,6 @@ func refreshToken(rw http.ResponseWriter, r *http.Request) { } http.SetCookie(rw, cookie) + + log.Debug("Refreshed JWT") }