From e0c095c24d6e3b3a2e104a7b454f2f4418ebbc65 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Wed, 11 Jun 2025 20:34:56 +0200
Subject: [PATCH] feat: create/update session when refreshing
---
 internal/auth/refresh.go | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/internal/auth/refresh.go b/internal/auth/refresh.go
index fb59638..049042a 100644
--- a/internal/auth/refresh.go
+++ b/internal/auth/refresh.go
@@ -3,10 +3,12 @@ package auth
 import (
 "encoding/json"
 "fmt"
+ "log"
 "net/http"
 "strings"
 "time"
 
+ "gitea.local/admin/hspguard/internal/repository"
 "gitea.local/admin/hspguard/internal/types"
 "gitea.local/admin/hspguard/internal/util"
 "gitea.local/admin/hspguard/internal/web"
@@ -64,6 +66,44 @@ func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ jti, err := uuid.Parse(userClaims.ID)
+ if session, err := h.repo.GetUserSessionByRefreshJTI(r.Context(), &jti); err != nil {
+ log.Printf("WARN: No existing user session found for user with '%s' email (jti: '%s'): %v\n", user.Email, userClaims.ID, err)
+
+ userAgent := r.UserAgent()
+
+ ipAddr := util.GetClientIP(r)
+ deviceInfo := util.BuildDeviceInfo(userAgent, ipAddr)
+
+ // Create User Session
+ session, err := h.repo.CreateUserSession(r.Context(), repository.CreateUserSessionParams{
+ UserID: user.ID,
+ SessionType: "user",
+ ExpiresAt: &refresh.ExpiresAt,
+ LastActive: nil,
+ IpAddress: &ipAddr,
+ UserAgent: &userAgent,
+ AccessTokenID: &access.ID,
+ RefreshTokenID: &refresh.ID,
+ DeviceInfo: deviceInfo,
+ })
+ if err != nil {
+ log.Printf("ERR: Failed to create user session after logging in: %v\n", err)
+ }
+
+ log.Printf("INFO: User session created for '%s' with '%s' id\n", user.Email, session.ID.String())
+ } else {
+ err := h.repo.UpdateSessionTokens(r.Context(), repository.UpdateSessionTokensParams{
+ ID: session.ID,
+ AccessTokenID: &access.ID,
+ RefreshTokenID: &refresh.ID,
+ ExpiresAt: &refresh.ExpiresAt,
+ })
+ if err != nil {
+ log.Printf("ERR: Failed to update user session with '%s' id: %v\n", session.ID.String(), err)
+ }
+ }
+
 type Response struct {
 AccessToken string `json:"access"`
 RefreshToken string `json:"refresh"`
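Review bot: The error from `uuid.Parse(userClaims.ID)` is never checked, because the `if session, err := ...` on the next line shadows it, so a malformed jti is looked up as the zero UUID and the handler falls into the create-session branch. That branch runs on any lookup error, not only not-found, so a database failure, or a refresh token whose session row was removed (if removal is how sessions are revoked here, which the hunk does not show), ends with a brand-new session and fresh tokens. Check the parse result first, `if err != nil { /* reject the request as the earlier checks in this handler do */ }`, and create a session only when the repository reports not-found. When `CreateUserSession` fails the code still reaches the `INFO` log and reads `session.ID`, which reports a session that was never stored and would panic if `session` is a pointer; that log belongs in an `else`. refreshToken starts and ends outside the hunk.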