package aclcore
import (
"errors"
log "github.com/sirupsen/logrus"
"github.com/thomasduchatelle/dphoto/pkg/usermodel"
)
// RefreshTokenAuthenticator exchanges a previously issued refresh token for a new access token
// and a replacement refresh token (see AuthenticateFromRefreshToken).
type RefreshTokenAuthenticator struct {
	// AccessTokenGenerator issues the access token once the refresh token has been accepted.
	AccessTokenGenerator IAccessTokenGenerator
	// RefreshTokenGenerator issues the replacement refresh token from the spec of the consumed one.
	RefreshTokenGenerator IRefreshTokenGenerator
	// RefreshTokenRepository is used to look up the presented refresh token, to housekeep expired
	// tokens, and to delete the presented token once it has been exchanged.
	RefreshTokenRepository RefreshTokenRepository
	// IdentityDetailsStore is used to look up the identity details of the token's owner.
	IdentityDetailsStore IdentityDetailsStore
}
// IAccessTokenGenerator is the dependency used by RefreshTokenAuthenticator to issue access tokens.
type IAccessTokenGenerator interface {
	// GenerateAccessToken returns the Authentication issued for the given user, or an error.
	// NOTE(review): the parameter is named email but typed usermodel.UserId - presumably the
	// user is identified by their email; confirm against usermodel.
	GenerateAccessToken(email usermodel.UserId) (*Authentication, error)
}
// IRefreshTokenGenerator is the dependency used by RefreshTokenAuthenticator to issue refresh tokens.
type IRefreshTokenGenerator interface {
	// GenerateRefreshToken returns a refresh token string built from spec, or an error.
	// NOTE(review): whether the implementation also persists the token is not visible here -
	// confirm, since callers delete the old token right after this call.
	GenerateRefreshToken(spec RefreshTokenSpec) (string, error)
}
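// AuthenticateFromRefreshToken exchanges refreshToken for a new access token and a replacement
// refresh token, and deletes the presented token so it cannot be exchanged again.
//
// It returns the new Authentication (with RefreshToken set) and the Identity of the token's
// owner. When no identity details are stored, a minimal Identity is built from the email.
//
// Errors: whatever FindRefreshToken returns (can be an InvalidRefreshTokenError),
// ExpiredRefreshTokenError when the token is past its absolute expiry time, or any error from the
// identity store, the token generators or the deletion of the presented token. No credentials are
// returned alongside a non-nil error.
func (s *RefreshTokenAuthenticator) AuthenticateFromRefreshToken(refreshToken string) (*Authentication, *Identity, error) {
	spec, err := s.RefreshTokenRepository.FindRefreshToken(refreshToken)
	if err != nil {
		return nil, nil, err // can be an InvalidRefreshTokenError
	}

	if spec.AbsoluteExpiryTime.Before(TimeFunc()) {
		// Housekeeping is best effort: its outcome is only logged and never changes the answer
		// given to the caller. The success message must be logged on success and a failure must
		// not be silently dropped.
		if deletedTokens, err := s.RefreshTokenRepository.HouseKeepRefreshToken(); err != nil {
			log.WithError(err).Warn("housekeeping - failed to delete expired refresh tokens")
		} else {
			log.Infof("housekeeping - %d expired refresh token have been deleted", deletedTokens)
		}

		return nil, nil, ExpiredRefreshTokenError
	}

	identity, err := s.IdentityDetailsStore.FindIdentity(spec.Email)
	if errors.Is(err, IdentityDetailsNotFoundError) {
		// No stored details: fall back to an identity derived from the email alone.
		identity = &Identity{
			Email:   spec.Email,
			Name:    spec.Email.Value(),
			Picture: "",
		}
	} else if err != nil {
		return nil, nil, err
	}

	authentication, err := s.AccessTokenGenerator.GenerateAccessToken(spec.Email)
	if err != nil {
		return nil, nil, err
	}

	authentication.RefreshToken, err = s.RefreshTokenGenerator.GenerateRefreshToken(*spec)
	if err != nil {
		return nil, nil, err
	}

	// NOTE(review): lookup, issuance and deletion are separate repository calls, so two concurrent
	// requests presenting the same refresh token could presumably both succeed - confirm whether
	// the repository makes the exchange single-use.
	if err = s.RefreshTokenRepository.DeleteRefreshToken(refreshToken); err != nil {
		// The presented token could not be revoked: do not hand out new credentials with an error.
		return nil, nil, err
	}

	return authentication, identity, nil
}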