JWT refresh

2021-09-26 16:56:32 +02:00 · 2021-09-26 16:56:32 +02:00 · f42d12ffd9
commit f42d12ffd9
parent 87dc249371
1 changed files with 20 additions and 14 deletions
--- a/internal/httpserver/httpServer.go
+++ b/internal/httpserver/httpServer.go
@ -23,6 +23,10 @@ import (
 	types "git.kapelle.org/niklas/s3browser/internal/types"
 )

+var (
+	tokenExp = int64((time.Hour * 23).Seconds())
+)
+
 type cookieExtractor struct {
 	Name string
 }
@ -77,14 +81,17 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str

 	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
 		token := r.Context().Value("jwt")
+		refreshTokenIfNeeded(rw, r)
 		gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
 	})

 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpGetFile(resolveContext, rw, r)
 	}).Methods("GET")

 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
+		refreshTokenIfNeeded(rw, r)
 		httpPostFile(resolveContext, rw, r)
 	}).Methods("POST")

@ -92,8 +99,6 @@ func InitHttp(resolveContext context.Context, schema graphql.Schema, address str

 	r.HandleFunc("/api/logout", logout).Methods("POST")

-	r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
-
 	// Init the embedded static files
 	initStatic(r)

@ -243,32 +248,31 @@ func logout(rw http.ResponseWriter, r *http.Request) {
 	rw.WriteHeader(http.StatusNoContent)
 }

-func refreshToken(rw http.ResponseWriter, r *http.Request) {
-	if helper.IsAuthenticated(r.Context()) {
-		rw.WriteHeader(http.StatusUnauthorized)
+func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
+	currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
+
+	if !ok && currentToken == nil {
 		return
 	}

-	oldToken, ok := r.Context().Value("jwt").(*jwt.Token)
+	claims, ok := currentToken.Claims.(*types.JWTClaims)

 	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}

-	claims, ok := oldToken.Claims.(*types.JWTClaims)
-
-	if !ok {
-		rw.WriteHeader(http.StatusInternalServerError)
+	// Refresh only if token older than 1 hour
+	if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
 		return
 	}

-	token := helper.CreateJWT(claims)
+	newToken := helper.CreateJWT(claims)

-	tokenString, err := token.SignedString([]byte("TODO"))
+	tokenString, err := newToken.SignedString([]byte("TODO"))

 	if err != nil {
-		rw.WriteHeader(http.StatusInternalServerError)
+		log.Error("Failed to refresh JWT")
 		return
 	}

@ -282,4 +286,6 @@ func refreshToken(rw http.ResponseWriter, r *http.Request) {
 	}

 	http.SetCookie(rw, cookie)
+
+	log.Debug("Refreshed JWT")
 }