Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9a0019f3ad | ||
|
|
0506ed6491 | ||
|
|
296c2e001d |
2
go.mod
2
go.mod
@@ -3,7 +3,7 @@ module gitea.tecamino.com/paadi/access-handler
|
||||
go 1.24.5
|
||||
|
||||
require (
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.7
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.8
|
||||
gitea.tecamino.com/paadi/tecamino-logger v0.2.1
|
||||
github.com/gin-gonic/gin v1.11.0
|
||||
github.com/go-playground/assert/v2 v2.2.0
|
||||
|
||||
4
go.sum
4
go.sum
@@ -1,5 +1,5 @@
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.7 h1:777QiVuv6CNsRT/dVtiiQd3NIOQcw7PoYo3Anz4ll+M=
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.7/go.mod h1:y/xn/POJg1DO++67uKvnO23lJQgh+XFQq7HZCS9Getw=
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.8 h1:ZWSBM/KFtLwTv2cBqwK1mOxWAxAfL0BcWEC3kJ9JALU=
|
||||
gitea.tecamino.com/paadi/dbHandler v1.0.8/go.mod h1:y/xn/POJg1DO++67uKvnO23lJQgh+XFQq7HZCS9Getw=
|
||||
gitea.tecamino.com/paadi/tecamino-logger v0.2.1 h1:sQTBKYPdzn9mmWX2JXZBtGBvNQH7cuXIwsl4TD0aMgE=
|
||||
gitea.tecamino.com/paadi/tecamino-logger v0.2.1/go.mod h1:FkzRTldUBBOd/iy2upycArDftSZ5trbsX5Ira5OzJgM=
|
||||
github.com/bytedance/sonic v1.14.0 h1:/OfKt8HFw0kh2rj8N0F6C/qPGRESq0BbaNZgcNXXzQQ=
|
||||
|
||||
@@ -60,12 +60,24 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if len(dbRecord) == 0 {
|
||||
aH.logger.Error("Login", "no user "+user.Name+" found")
|
||||
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("invalid credentials"))
|
||||
return
|
||||
}
|
||||
|
||||
if len(dbRecord) > 1 {
|
||||
aH.logger.Error("Login", "more than one record found")
|
||||
c.JSON(http.StatusInternalServerError, models.NewJsonMessageResponse("internal error"))
|
||||
return
|
||||
}
|
||||
|
||||
if !dbRecord[0].ExpirationIsValid() {
|
||||
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
|
||||
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
|
||||
return
|
||||
}
|
||||
|
||||
// Check password
|
||||
if !utils.CheckPassword(user.Password, dbRecord[0].Password) {
|
||||
aH.logger.Error("Login", "invalid password")
|
||||
@@ -84,20 +96,22 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
||||
|
||||
// Create access token
|
||||
accessToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"id": user.Id,
|
||||
"username": user.Name,
|
||||
"role": user.Role,
|
||||
"type": "access",
|
||||
"exp": accessTokenExp.Unix(),
|
||||
"id": user.Id,
|
||||
"username": user.Name,
|
||||
"role": user.Role,
|
||||
"type": "access",
|
||||
"exp": accessTokenExp.Unix(),
|
||||
"userExpiration": user.Expiration,
|
||||
})
|
||||
|
||||
// Create refresh token
|
||||
refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"id": user.Id,
|
||||
"username": user.Name,
|
||||
"role": user.Role,
|
||||
"type": "refresh",
|
||||
"exp": refreshTokenExp.Unix(),
|
||||
"id": user.Id,
|
||||
"username": user.Name,
|
||||
"role": user.Role,
|
||||
"type": "refresh",
|
||||
"exp": refreshTokenExp.Unix(),
|
||||
"userExpiration": user.GetExpiration(),
|
||||
})
|
||||
|
||||
// Sign tokens
|
||||
@@ -175,6 +189,13 @@ func (aH *AccessHandler) Refresh(c *gin.Context) {
|
||||
id := int(claims["id"].(float64))
|
||||
role := claims["role"].(string)
|
||||
|
||||
if !expirationDateValid(claims["userExpiration"].(string)) {
|
||||
aH.Logout(c)
|
||||
aH.logger.Error("Refresh", fmt.Sprintf("user %s is expired", username))
|
||||
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+username+" is expired"))
|
||||
return
|
||||
}
|
||||
|
||||
// Create new access token
|
||||
aH.logger.Debug("Refresh", "create new access token")
|
||||
accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
|
||||
@@ -240,3 +261,16 @@ func (aH *AccessHandler) Logout(c *gin.Context) {
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
|
||||
}
|
||||
|
||||
func expirationDateValid(expiration string) bool {
|
||||
if expiration == "" {
|
||||
return true // No expiration = always valid
|
||||
}
|
||||
|
||||
t, err := time.Parse(time.RFC3339, expiration)
|
||||
if err != nil {
|
||||
return false // Invalid date format
|
||||
}
|
||||
|
||||
return time.Now().Before(t)
|
||||
}
|
||||
|
||||
@@ -15,3 +15,17 @@ type User struct {
|
||||
func (u *User) IsValid() bool {
|
||||
return u.Name != ""
|
||||
}
|
||||
|
||||
func (u *User) ExpirationIsValid() bool {
|
||||
if u.Expiration == nil {
|
||||
return true
|
||||
}
|
||||
return time.Now().Before(*u.Expiration)
|
||||
}
|
||||
|
||||
func (u *User) GetExpiration() string {
|
||||
if u.Expiration == nil {
|
||||
return ""
|
||||
}
|
||||
return u.Expiration.Format(time.RFC3339)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user