feat: token sign with meta data
@ -11,6 +11,7 @@ import (
|
|||||||
"gitea.local/admin/hspguard/internal/util"
|
"gitea.local/admin/hspguard/internal/util"
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
|
"github.com/google/uuid"
|
||||||
)
|
)
|
||||||
|
|
||||||
type AuthHandler struct {
|
type AuthHandler struct {
|
||||||
@ -19,7 +20,24 @@ type AuthHandler struct {
|
|||||||
cfg *config.AppConfig
|
cfg *config.AppConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *AuthHandler) signTokens(user *repository.User) (string, string, error) {
|
type SignedToken struct {
|
||||||
|
Token string
|
||||||
|
ExpiresAt time.Time
|
||||||
|
ID uuid.UUID
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewSignedToken(token string, expiresAt time.Time, jti uuid.UUID) *SignedToken {
|
||||||
|
return &SignedToken{
|
||||||
|
Token: token,
|
||||||
|
ExpiresAt: expiresAt,
|
||||||
|
ID: jti,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *AuthHandler) signTokens(user *repository.User) (*SignedToken, *SignedToken, error) {
|
||||||
|
accessExpiresAt := time.Now().Add(15 * time.Minute)
|
||||||
|
accessJTI := uuid.New()
|
||||||
|
|
||||||
accessClaims := types.UserClaims{
|
accessClaims := types.UserClaims{
|
||||||
UserEmail: user.Email,
|
UserEmail: user.Email,
|
||||||
IsAdmin: user.IsAdmin,
|
IsAdmin: user.IsAdmin,
|
||||||
@ -27,15 +45,19 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
|
|||||||
Issuer: h.cfg.Uri,
|
Issuer: h.cfg.Uri,
|
||||||
Subject: user.ID.String(),
|
Subject: user.ID.String(),
|
||||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
|
ExpiresAt: jwt.NewNumericDate(accessExpiresAt),
|
||||||
|
ID: accessJTI.String(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
accessToken, err := util.SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
|
accessToken, err := util.SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
refreshExpiresAt := time.Now().Add(30 * 24 * time.Hour)
|
||||||
|
refreshJTI := uuid.New()
|
||||||
|
|
||||||
refreshClaims := types.UserClaims{
|
refreshClaims := types.UserClaims{
|
||||||
UserEmail: user.Email,
|
UserEmail: user.Email,
|
||||||
IsAdmin: user.IsAdmin,
|
IsAdmin: user.IsAdmin,
|
||||||
@ -43,16 +65,17 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
|
|||||||
Issuer: h.cfg.Uri,
|
Issuer: h.cfg.Uri,
|
||||||
Subject: user.ID.String(),
|
Subject: user.ID.String(),
|
||||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
|
ExpiresAt: jwt.NewNumericDate(refreshExpiresAt),
|
||||||
|
ID: refreshJTI.String(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
refreshToken, err := util.SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
|
refreshToken, err := util.SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return accessToken, refreshToken, nil
|
return NewSignedToken(accessToken, accessExpiresAt, accessJTI), NewSignedToken(refreshToken, refreshExpiresAt, refreshJTI), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAuthHandler(repo *repository.Queries, cache *cache.Client, cfg *config.AppConfig) *AuthHandler {
|
func NewAuthHandler(repo *repository.Queries, cache *cache.Client, cfg *config.AppConfig) *AuthHandler {
|
||||||
|
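Review bot: In signTokens the access and refresh tokens still differ only in `ExpiresAt` and the new `ID`: both are `types.UserClaims` signed with `h.cfg.Jwt.PrivateKey` and carry the same `Issuer`, `Subject` and `IsAdmin` (one line of each claims literal falls between hunks and is not shown). A verifier that checks only signature and expiry would therefore accept the 30-day refresh token wherever an access token is expected. The added jti helps only if something records `SignedToken.ID` and the verification path looks it up; no such store or check is visible here, so the callers (outside this view) should persist the refresh `ID` with a lifetime of `ExpiresAt` and reject unknown or revoked ids on refresh. Consider also marking the token kind in the claims, for example `Audience: jwt.ClaimStrings{"refresh"}` on the refresh claims, and checking it on verify. The exported `SignedToken` and `NewSignedToken` have no doc comments; `// SignedToken pairs a signed JWT string with its expiry time and jti.` would cover the type.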