64 lines
1.6 KiB
Go
64 lines
1.6 KiB
Go
package tokens
|
|
|
|
import (
|
|
"context"
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
"io"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/tech/sendico/pkg/db/refreshtokens"
|
|
"github.com/tech/sendico/pkg/merrors"
|
|
"github.com/tech/sendico/pkg/mlogger"
|
|
"github.com/tech/sendico/pkg/model"
|
|
"github.com/tech/sendico/pkg/mutil/mzap"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
func generateRefreshTokenData(length int) (string, error) {
|
|
randomBytes := make([]byte, length)
|
|
if _, err := io.ReadFull(rand.Reader, randomBytes); err != nil {
|
|
return "", merrors.Internal("failed to generate secure random bytes: " + err.Error())
|
|
}
|
|
|
|
return base64.URLEncoding.EncodeToString(randomBytes), nil
|
|
}
|
|
|
|
func PrepareRefreshToken(
|
|
ctx context.Context,
|
|
r *http.Request,
|
|
rtdb refreshtokens.DB,
|
|
length int,
|
|
refreshExpiration int,
|
|
session *model.SessionIdentifier,
|
|
account *model.Account,
|
|
logger mlogger.Logger,
|
|
) (*model.RefreshToken, error) {
|
|
refreshToken, err := generateRefreshTokenData(length)
|
|
if err != nil {
|
|
logger.Warn("Failed to generate refresh token", zap.Error(err), mzap.StorableRef(account))
|
|
return nil, err
|
|
}
|
|
|
|
token := &model.RefreshToken{
|
|
AccountRef: account.GetID(),
|
|
ClientRefreshToken: model.ClientRefreshToken{
|
|
SessionIdentifier: *session,
|
|
RefreshToken: refreshToken,
|
|
},
|
|
ExpiresAt: time.Now().Add(time.Duration(refreshExpiration) * time.Hour),
|
|
IsRevoked: false,
|
|
UserAgent: r.UserAgent(),
|
|
IPAddress: r.RemoteAddr,
|
|
}
|
|
|
|
if err = rtdb.Create(ctx, token); err != nil {
|
|
logger.Warn("Failed to store a refresh token", zap.Error(err), mzap.StorableRef(account),
|
|
zap.String("client_id", token.ClientID), zap.String("device_id", token.DeviceID))
|
|
return nil, err
|
|
}
|
|
|
|
return token, nil
|
|
}
|