JWT refresh

Djeeberjr 2021-09-26 16:56:32 +02:00
parent 87dc249371
commit f42d12ffd9


@ -23,6 +23,10 @@ import (
types "git.kapelle.org/niklas/s3browser/internal/types" types "git.kapelle.org/niklas/s3browser/internal/types"
) )
var (
tokenExp = int64((time.Hour * 23).Seconds())
)
type cookieExtractor struct { type cookieExtractor struct {
Name string Name string
} }
@ -77,14 +81,17 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) { r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
token := r.Context().Value("jwt") token := r.Context().Value("jwt")
refreshTokenIfNeeded(rw, r)
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r) gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
}) })
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) { r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
refreshTokenIfNeeded(rw, r)
httpGetFile(resolveContext, rw, r) httpGetFile(resolveContext, rw, r)
}).Methods("GET") }).Methods("GET")
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) { r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
refreshTokenIfNeeded(rw, r)
httpPostFile(resolveContext, rw, r) httpPostFile(resolveContext, rw, r)
}).Methods("POST") }).Methods("POST")
@ -92,8 +99,6 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str
r.HandleFunc("/api/logout", logout).Methods("POST") r.HandleFunc("/api/logout", logout).Methods("POST")
r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
// Init the embedded static files // Init the embedded static files
initStatic(r) initStatic(r)
@ -243,32 +248,31 @@ func logout(rw http.ResponseWriter, r *http.Request) {
rw.WriteHeader(http.StatusNoContent) rw.WriteHeader(http.StatusNoContent)
} }
func refreshToken(rw http.ResponseWriter, r *http.Request) { func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
if helper.IsAuthenticated(r.Context()) { currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
rw.WriteHeader(http.StatusUnauthorized)
if !ok && currentToken == nil {
return return
} }
oldToken, ok := r.Context().Value("jwt").(*jwt.Token) claims, ok := currentToken.Claims.(*types.JWTClaims)
if !ok { if !ok {
rw.WriteHeader(http.StatusInternalServerError) log.Error("Failed to refresh JWT")
return return
} }
claims, ok := oldToken.Claims.(*types.JWTClaims) // Refresh only if token older than 1 hour
if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return return
} }
token := helper.CreateJWT(claims) newToken := helper.CreateJWT(claims)
tokenString, err := token.SignedString([]byte("TODO")) tokenString, err := newToken.SignedString([]byte("TODO"))
if err != nil { if err != nil {
rw.WriteHeader(http.StatusInternalServerError) log.Error("Failed to refresh JWT")
return return
} }
@ -282,4 +286,6 @@ func refreshToken(rw http.ResponseWriter, r *http.Request) {
} }
http.SetCookie(rw, cookie) http.SetCookie(rw, cookie)
log.Debug("Refreshed JWT")
} }
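Review bot: The guard at the top of refreshTokenIfNeeded, `if !ok && currentToken == nil {`, should use `||`; as written, a typed-nil `*jwt.Token` stored under "jwt" passes the check and `currentToken.Claims` panics. The function also re-signs the claims without checking `currentToken.Valid` or that `ExpiresAt` is still in the future. If the auth middleware (not shown) ever leaves an unverified or expired token in the context, each request to /api/graphql or /api/file would issue a fresh cookie for it; adding `if !currentToken.Valid || claims.ExpiresAt <= time.Now().Unix() { return }` before the age test would close that. Refresh is now sliding and automatic, so a captured cookie stays renewable unless the claims carry an absolute session limit, and the signing key is still the literal `[]byte("TODO")`, which should come from configuration. The cookie construction lies between the last two hunks and is not visible, so its Secure/HttpOnly/SameSite attributes could not be reviewed.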