From f42d12ffd97d7ae8b387dab1cb6938dea15765b3 Mon Sep 17 00:00:00 2001
From: Djeeberjr <djeeberjr@gmail.com>
Date: Sun, 26 Sep 2021 16:56:32 +0200
Subject: [PATCH] JWT refresh

---
 internal/httpserver/httpServer.go | 34 ++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/internal/httpserver/httpServer.go b/internal/httpserver/httpServer.go
index 5d45e1d..a934b55 100644
--- a/internal/httpserver/httpServer.go
+++ b/internal/httpserver/httpServer.go
@@ -23,6 +23,10 @@ import (
 	types "git.kapelle.org/niklas/s3browser/internal/types"
 )
 
+var (
+	tokenExp = int64((time.Hour * 23).Seconds())
+)
+
 type cookieExtractor struct {
 	Name string
 }
@@ -77,14 +81,17 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
 
 	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
 		token := r.Context().Value("jwt")
+		refreshTokenIfNeeded(rw, r)
 		gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
 	})
 
 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpGetFile(resolveContext, rw, r)
 	}).Methods("GET")
 
 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpPostFile(resolveContext, rw, r)
 	}).Methods("POST")
 
@@ -92,8 +99,6 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
 
 	r.HandleFunc("/api/logout", logout).Methods("POST")
 
-	r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
-
 	// Init the embedded static files
 	initStatic(r)
 
@@ -243,32 +248,31 @@ func logout(rw http.ResponseWriter, r *http.Request) {
 	rw.WriteHeader(http.StatusNoContent)
 }
 
-func refreshToken(rw http.ResponseWriter, r *http.Request) {
-	if helper.IsAuthenticated(r.Context()) {
-		rw.WriteHeader(http.StatusUnauthorized)
+func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
+	currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
+
+	if !ok && currentToken == nil {
 		return
 	}
 
-	oldToken, ok := r.Context().Value("jwt").(*jwt.Token)
+	claims, ok := currentToken.Claims.(*types.JWTClaims)
 
 	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}
 
-	claims, ok := oldToken.Claims.(*types.JWTClaims)
-
-	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
+	// Refresh only if token older than 1 hour
+	if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
 		return
 	}
 
-	token := helper.CreateJWT(claims)
+	newToken := helper.CreateJWT(claims)
 
-	tokenString, err := token.SignedString([]byte("TODO"))
+	tokenString, err := newToken.SignedString([]byte("TODO"))
 
 	if err != nil {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}
 
@@ -282,4 +286,6 @@ func refreshToken(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	http.SetCookie(rw, cookie)
+
+	log.Debug("Refreshed JWT")
 }