JWT refresh

internal/httpserver/httpServer.go

@@ -23,6 +23,10 @@ import (
 	types "git.kapelle.org/niklas/s3browser/internal/types"
 )
 
+var (
+	tokenExp = int64((time.Hour * 23).Seconds())
+)
+
 type cookieExtractor struct {
 	Name string
 }
@@ -77,14 +81,17 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
 
 	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
 		token := r.Context().Value("jwt")
+		refreshTokenIfNeeded(rw, r)
 		gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
 	})
 
 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpGetFile(resolveContext, rw, r)
 	}).Methods("GET")
 
 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpPostFile(resolveContext, rw, r)
 	}).Methods("POST")
 
@@ -92,8 +99,6 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
 
 	r.HandleFunc("/api/logout", logout).Methods("POST")
 
-	r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
-
 	// Init the embedded static files
 	initStatic(r)
 
@@ -243,32 +248,31 @@ func logout(rw http.ResponseWriter, r *http.Request) {
 	rw.WriteHeader(http.StatusNoContent)
 }
 
-func refreshToken(rw http.ResponseWriter, r *http.Request) {
+func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
-	if helper.IsAuthenticated(r.Context()) {
+	currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
-		rw.WriteHeader(http.StatusUnauthorized)
+
+	if !ok && currentToken == nil {
 		return
 	}
 
-	oldToken, ok := r.Context().Value("jwt").(*jwt.Token)
+	claims, ok := currentToken.Claims.(*types.JWTClaims)
 
 	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}
 
-	claims, ok := oldToken.Claims.(*types.JWTClaims)
+	// Refresh only if token older than 1 hour
-
+	if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
-	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 
-	token := helper.CreateJWT(claims)
+	newToken := helper.CreateJWT(claims)
 
-	tokenString, err := token.SignedString([]byte("TODO"))
+	tokenString, err := newToken.SignedString([]byte("TODO"))
 
 	if err != nil {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}
 
@@ -282,4 +286,6 @@ func refreshToken(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	http.SetCookie(rw, cookie)
+
+	log.Debug("Refreshed JWT")
 }