package service
import (
"errors"
"fmt"
pbAS "github.com/plgd-dev/cloud/authorization/pb"
"github.com/plgd-dev/cloud/coap-gateway/coapconv"
coapCodes "github.com/plgd-dev/go-coap/v2/message/codes"
"github.com/plgd-dev/go-coap/v2/mux"
"github.com/plgd-dev/kit/codec/cbor"
"github.com/plgd-dev/kit/net/coap"
"google.golang.org/grpc/status"
)
// CoapRefreshTokenReq is the body of a token-refresh POST as decoded from
// CBOR by refreshTokenPostHandler. All three fields are mandatory; an empty
// value is rejected by validateRefreshToken before the authorization service
// is contacted. The struct carries a bearer credential (RefreshToken), so it
// should not be logged or echoed back as a whole.
type CoapRefreshTokenReq struct {
	DeviceID     string `json:"di"`           // forwarded unchanged as DeviceId to the authorization service
	UserID       string `json:"uid"`          // forwarded unchanged as UserId to the authorization service
	RefreshToken string `json:"refreshtoken"` // the refresh token being exchanged for a new token pair
}
// CoapRefreshTokenResp is the payload sent back to the device after a
// successful refresh. refreshTokenPostHandler fills it field-by-field from the
// authorization service's RefreshToken reply and encodes it in the format the
// device asked for. Both token fields are bearer credentials and must be
// treated as secrets by anything that handles this value.
type CoapRefreshTokenResp struct {
	ExpiresIn    int64  `json:"expiresin"`    // copied from the service's ExpiresIn; presumably seconds until AccessToken expires — confirm against pbAS
	AccessToken  string `json:"accesstoken"`  // newly issued access token
	RefreshToken string `json:"refreshtoken"` // refresh token to present on the next refresh (whether it is rotated is decided upstream)
}
// validateRefreshToken rejects a decoded request in which any of the three
// required fields is empty. Only presence is checked here; the format and
// validity of the values is left to the authorization service. The check
// order (device ID, refresh token, user ID) decides which error is reported
// when more than one field is missing, and the returned message is the one
// the caller passes back to the device.
func validateRefreshToken(req CoapRefreshTokenReq) error {
	switch {
	case req.DeviceID == "":
		return errors.New("cannot refresh token: invalid deviceID")
	case req.RefreshToken == "":
		return errors.New("cannot refresh token: invalid refreshToken")
	case req.UserID == "":
		return errors.New("cannot refresh token: invalid userId")
	}
	return nil
}
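// refreshTokenPostHandler serves a token-refresh POST: it decodes the CBOR
// request body, validates that every required field is present, exchanges
// the refresh token at the authorization service and writes the new token
// pair back in the encoding the device selected through the Accept option.
//
// Every failure path replies through client.logAndWriteErrorResponse with the
// request token, so the device always receives an answer: BadRequest for a
// body that cannot be decoded or is incomplete, the gRPC status mapped via
// coapconv for authorization-service errors, and InternalServerError when the
// reply cannot be encoded. The mux.ResponseWriter s is kept for signature
// compatibility with the other handlers and is not used here.
//
// Fix: the two encoding-failure messages previously read "cannot handle sign
// in" (copied from the sign-in handler), which misattributed refresh failures
// in logs and in the error reported to the device.
func refreshTokenPostHandler(s mux.ResponseWriter, req *mux.Message, client *Client) {
	var refreshToken CoapRefreshTokenReq
	if err := cbor.ReadFrom(req.Body, &refreshToken); err != nil {
		client.logAndWriteErrorResponse(fmt.Errorf("cannot handle refresh token: %w", err), coapCodes.BadRequest, req.Token)
		return
	}
	if err := validateRefreshToken(refreshToken); err != nil {
		client.logAndWriteErrorResponse(fmt.Errorf("cannot handle refresh token: %w", err), coapCodes.BadRequest, req.Token)
		return
	}
	resp, err := client.server.asClient.RefreshToken(req.Context, &pbAS.RefreshTokenRequest{
		DeviceId:     refreshToken.DeviceID,
		UserId:       refreshToken.UserID,
		RefreshToken: refreshToken.RefreshToken,
	})
	if err != nil {
		// NOTE(review): the wrapped gRPC status text is handed to logAndWriteErrorResponse;
		// if that helper echoes it to the peer, upstream detail reaches the device — confirm.
		client.logAndWriteErrorResponse(fmt.Errorf("cannot handle refresh token: %w", err), coapconv.GrpcCode2CoapCode(status.Convert(err).Code(), coapCodes.POST), req.Token)
		return
	}
	coapResp := CoapRefreshTokenResp{
		RefreshToken: resp.RefreshToken,
		AccessToken:  resp.AccessToken,
		ExpiresIn:    resp.ExpiresIn,
	}
	// The device's Accept option selects the encoder, and the same value is
	// passed on to sendResponse together with the encoded payload.
	accept := coap.GetAccept(req.Options)
	encode, err := coap.GetEncoder(accept)
	if err != nil {
		client.logAndWriteErrorResponse(fmt.Errorf("cannot handle refresh token: %w", err), coapCodes.InternalServerError, req.Token)
		return
	}
	out, err := encode(coapResp)
	if err != nil {
		client.logAndWriteErrorResponse(fmt.Errorf("cannot handle refresh token: %w", err), coapCodes.InternalServerError, req.Token)
		return
	}
	client.sendResponse(coapCodes.Changed, req.Token, accept, out)
}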
// RefreshToken
// https://github.com/openconnectivityfoundation/security/blob/master/swagger2.0/oic.sec.tokenrefresh.swagger.json
//
// refreshTokenHandler is the entry point for the token-refresh resource. It
// dispatches on the CoAP method code: POST is delegated to
// refreshTokenPostHandler, every other method is answered with Forbidden and
// logged together with the peer's address.
func refreshTokenHandler(s mux.ResponseWriter, req *mux.Message, client *Client) {
	if req.Code == coapCodes.POST {
		refreshTokenPostHandler(s, req, client)
		return
	}
	// Unsupported method: reject and record who sent it.
	client.logAndWriteErrorResponse(fmt.Errorf("Forbidden request from %v", client.remoteAddrString()), coapCodes.Forbidden, req.Token)
}