package handler
import (
"crypto/subtle"
"errors"
"github.com/authgear/authgear-server/pkg/lib/oauth"
"github.com/authgear/authgear-server/pkg/lib/oauth/protocol"
"github.com/authgear/authgear-server/pkg/lib/session"
)
// SessionManager is the session-revocation dependency of RevokeHandler.
// Only RevokeWithEvent is called from this file; RevokeWithoutEvent is part of
// the contract but unused here.
type SessionManager interface {
// RevokeWithEvent revokes the given session. The handler in this file always
// passes false for both isTermination and isAdminAPI.
// NOTE(review): presumably this also emits a revocation event that audit
// logs or hooks can consume; confirm against the implementation.
RevokeWithEvent(session session.Session, isTermination bool, isAdminAPI bool) error
// RevokeWithoutEvent revokes the given session.
// NOTE(review): presumably without emitting an event; confirm against the
// implementation.
RevokeWithoutEvent(session session.Session) error
}
// RevokeHandler processes token revocation requests. A refresh token is
// resolved to an offline grant and revoked through SessionManager; any other
// token is treated as an access token and its access grant is deleted.
type RevokeHandler struct {
// SessionManager revokes the session backing an offline grant.
SessionManager SessionManager
// OfflineGrants looks up offline grants by grant ID.
OfflineGrants oauth.OfflineGrantStore
// AccessGrants looks up access grants by token hash and deletes them.
AccessGrants oauth.AccessGrantStore
}
// Handle revokes the token carried by the revocation request.
//
// The token is first parsed as a refresh token. When parsing succeeds, the
// matching offline grant is revoked. A token that does not parse as a refresh
// token is treated as an access token and looked up by its hash.
//
// NOTE(review): nothing in this method checks that the token was issued to the
// client making the request. RFC 7009 section 2.1 expects that check, so
// confirm it is enforced before Handle is called.
func (h *RevokeHandler) Handle(r protocol.RevokeRequest) error {
	secret, grantID, decodeErr := oauth.DecodeRefreshToken(r.Token())
	if decodeErr != nil {
		// Not a refresh token: fall back to the access-token path.
		return h.revokeAccessGrant(r.Token())
	}
	return h.revokeOfflineGrant(secret, grantID)
}
// revokeOfflineGrant revokes the offline grant identified by grantID, but only
// when the hash of the presented token matches the hash stored on the grant.
//
// An unknown grant and a hash mismatch both return nil, so the caller cannot
// tell a valid token from an invalid one by the result. Any other store error,
// and any error from the session manager, is returned unchanged.
func (h *RevokeHandler) revokeOfflineGrant(token, grantID string) error {
	grant, err := h.OfflineGrants.GetOfflineGrant(grantID)
	switch {
	case errors.Is(err, oauth.ErrGrantNotFound):
		// Nothing to revoke; treated as success.
		return nil
	case err != nil:
		return err
	}

	// Compare the hashes in constant time so that the comparison does not leak,
	// through timing, how many leading bytes of the stored hash were matched.
	presented := []byte(oauth.HashToken(token))
	stored := []byte(grant.TokenHash)
	if subtle.ConstantTimeCompare(presented, stored) != 1 {
		// Grant ID is known but the token secret is wrong: do not revoke.
		return nil
	}

	return h.SessionManager.RevokeWithEvent(grant, false, false)
}
// revokeAccessGrant deletes the access grant whose stored hash equals the hash
// of the presented token.
//
// The lookup is keyed by the token hash, so the raw token is never passed to
// the store. A missing grant returns nil; any other lookup or delete error is
// returned unchanged.
func (h *RevokeHandler) revokeAccessGrant(token string) error {
	grant, err := h.AccessGrants.GetAccessGrant(oauth.HashToken(token))
	if err != nil {
		if errors.Is(err, oauth.ErrGrantNotFound) {
			// Unknown or already-removed token; treated as success.
			return nil
		}
		return err
	}
	return h.AccessGrants.DeleteAccessGrant(grant)
}