From 0db54e0268a78eb6df70875917d2764c437631b8 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Sun, 15 Jun 2025 21:13:33 +0200
Subject: [PATCH] feat: update service session on refresh

---
 internal/oauth/token.go | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/internal/oauth/token.go b/internal/oauth/token.go
index 2ab7e2f..36685f3 100644
--- a/internal/oauth/token.go
+++ b/internal/oauth/token.go
@@ -269,6 +269,26 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ refreshJTI, err := uuid.Parse(claims.ID)
+ if err != nil {
+ log.Printf("ERR: Failed to parse refresh token JTI as uuid: %v\n", err)
+ web.Error(w, "failed to refresh token", http.StatusInternalServerError)
+ return
+ }
+
+ session, err := h.repo.GetServiceSessionByRefreshJTI(r.Context(), &refreshJTI)
+ if err != nil {
+ log.Printf("ERR: Failed to find session by '%s' refresh jti: %v\n", refreshJTI.String(), err)
+ web.Error(w, "session invalid", http.StatusUnauthorized)
+ return
+ }
+
+ if !session.IsActive {
+ log.Printf("INFO: Session with id '%s' is not active", session.ID.String())
+ web.Error(w, "session ended", http.StatusUnauthorized)
+ return
+ }
+
 userID, err := uuid.Parse(claims.UserID)
 if err != nil {
 web.Error(w, "invalid user credentials in refresh token", http.StatusBadRequest)
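Review bot: The `GetServiceSessionByRefreshJTI` error branch answers every failure with 401 "session invalid", so a database or context error looks the same to the client and to the logs as a refresh JTI that no longer maps to a session. The second case matters for detection: a correctly signed refresh token whose JTI has presumably been rotated out by the session update later in this handler is the usual sign of refresh-token replay, and here it is logged as a generic `ERR:` line. Consider branching on the repository's not-found error (its sentinel is not visible in this hunk) to return 401 and log a distinct reuse event, and returning 500 for any other error. It may also be worth confirming that the session's owner matches `claims.UserID` once `userID` is parsed below; the session's fields are not shown here, so that is an assumption. `tokenEndpoint` begins and ends outside the hunk.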
@@ -284,6 +304,17 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 
 id, access, refresh, err := h.signApiTokens(&user, &apiService, nil)
 
+ if err := h.repo.UpdateServiceSessionTokens(r.Context(), repository.UpdateServiceSessionTokensParams{
+ ID: session.ID,
+ AccessTokenID: &access.ID,
+ RefreshTokenID: &refresh.ID,
+ ExpiresAt: &refresh.ExpiresAt,
+ }); err != nil {
+ log.Printf("ERR: Failed to update service session with '%s' id: %v\n", session.ID.String(), err)
+ web.Error(w, "failed to update session", http.StatusInternalServerError)
+ return
+ }
+
 type Response struct {
 IdToken string `json:"id_token"`
 TokenType string `json:"token_type"`
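Review bot: The `err` returned by `h.signApiTokens` is not checked before `access.ID`, `refresh.ID` and `refresh.ExpiresAt` are read, and the new `if err := …` shadows it, so within this hunk a signing failure is never observed. If `access` or `refresh` are pointers that are nil on error, the dereference panics; unless the check exists outside the hunk, add `if err != nil { web.Error(w, "failed to refresh token", http.StatusInternalServerError); return }` directly after the `signApiTokens` call. Separately, the update appears to be keyed only on `session.ID`, so two concurrent requests presenting the same refresh token could both pass the earlier session lookup and both receive tokens. Making the update conditional on the old refresh JTI, and treating zero affected rows as a rejected refresh, would make rotation single-use. `tokenEndpoint` continues outside the hunk.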