admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:a773f1f8b4734a1a24652ecb8631db8208367d39
Branches Tags
admin:main admin:group-role-permission
..
compare: admin:0db54e0268a78eb6df70875917d2764c437631b8
Branches Tags
admin:group-role-permission admin:main

2 Commits
a773f1f8b4 ... 0db54e0268

Author SHA1 Message Date
LandaMm
0db54e0268 feat: update service session on refresh 2025-06-15 21:13:33 +02:00
LandaMm
b3ef96a0ce feat: update service session's tokens 2025-06-15 21:13:23 +02:00
3 changed files with 61 additions and 0 deletions
Expand all files Collapse all files

31
internal/oauth/token.go
View File

@ -269,6 +269,26 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
return
}
refreshJTI, err := uuid.Parse(claims.ID)
if err != nil {
log.Printf("ERR: Failed to parse refresh token JTI as uuid: %v\n", err)
web.Error(w, "failed to refresh token", http.StatusInternalServerError)
return
}
session, err := h.repo.GetServiceSessionByRefreshJTI(r.Context(), &refreshJTI)
if err != nil {
log.Printf("ERR: Failed to find session by '%s' refresh jti: %v\n", refreshJTI.String(), err)
web.Error(w, "session invalid", http.StatusUnauthorized)
return
}
if !session.IsActive {
log.Printf("INFO: Session with id '%s' is not active", session.ID.String())
web.Error(w, "session ended", http.StatusUnauthorized)
return
}
userID, err := uuid.Parse(claims.UserID)
if err != nil {
web.Error(w, "invalid user credentials in refresh token", http.StatusBadRequest)
@ -284,6 +304,17 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
id, access, refresh, err := h.signApiTokens(&user, &apiService, nil)
if err := h.repo.UpdateServiceSessionTokens(r.Context(), repository.UpdateServiceSessionTokensParams{
ID: session.ID,
AccessTokenID: &access.ID,
RefreshTokenID: &refresh.ID,
ExpiresAt: &refresh.ExpiresAt,
}); err != nil {
log.Printf("ERR: Failed to update service session with '%s' id: %v\n", session.ID.String(), err)
web.Error(w, "failed to update session", http.StatusInternalServerError)
return
}
type Response struct {
IdToken string `json:"id_token"`
TokenType string `json:"token_type"`

24
internal/repository/service_sessions.sql.go
View File

@ -393,3 +393,27 @@ func (q *Queries) UpdateServiceSessionLastActive(ctx context.Context, id uuid.UU
_, err := q.db.Exec(ctx, updateServiceSessionLastActive, id)
return err
}
const updateServiceSessionTokens = `-- name: UpdateServiceSessionTokens :exec
UPDATE service_sessions
SET access_token_id = $2, refresh_token_id = $3, expires_at = $4
WHERE id = $1
AND is_active = TRUE
`
type UpdateServiceSessionTokensParams struct {
ID uuid.UUID `json:"id"`
AccessTokenID *uuid.UUID `json:"access_token_id"`
RefreshTokenID *uuid.UUID `json:"refresh_token_id"`
ExpiresAt *time.Time `json:"expires_at"`
}
func (q *Queries) UpdateServiceSessionTokens(ctx context.Context, arg UpdateServiceSessionTokensParams) error {
_, err := q.db.Exec(ctx, updateServiceSessionTokens,
arg.ID,
arg.AccessTokenID,
arg.RefreshTokenID,
arg.ExpiresAt,
)
return err
}

6
queries/service_sessions.sql
View File

@ -46,6 +46,12 @@ SET last_active = NOW()
WHERE id = $1
AND is_active = TRUE;
-- name: UpdateServiceSessionTokens :exec
UPDATE service_sessions
SET access_token_id = $2, refresh_token_id = $3, expires_at = $4
WHERE id = $1
AND is_active = TRUE;
-- name: ListAllServiceSessions :many
SELECT * FROM service_sessions
ORDER BY issued_at DESC