|
|
|
|
@@ -60,12 +60,24 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(dbRecord) == 0 {
|
|
|
|
|
aH.logger.Error("Login", "no user "+user.Name+" found")
|
|
|
|
|
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("invalid credentials"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(dbRecord) > 1 {
|
|
|
|
|
aH.logger.Error("Login", "more than one record found")
|
|
|
|
|
c.JSON(http.StatusInternalServerError, models.NewJsonMessageResponse("internal error"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !dbRecord[0].ExpirationIsValid() {
|
|
|
|
|
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
|
|
|
|
|
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check password
|
|
|
|
|
if !utils.CheckPassword(user.Password, dbRecord[0].Password) {
|
|
|
|
|
aH.logger.Error("Login", "invalid password")
|
|
|
|
|
@@ -84,20 +96,22 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
|
|
|
|
|
|
|
|
|
// Create access token
|
|
|
|
|
accessToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
|
|
|
"id": user.Id,
|
|
|
|
|
"username": user.Name,
|
|
|
|
|
"role": user.Role,
|
|
|
|
|
"type": "access",
|
|
|
|
|
"exp": accessTokenExp.Unix(),
|
|
|
|
|
"id": user.Id,
|
|
|
|
|
"username": user.Name,
|
|
|
|
|
"role": user.Role,
|
|
|
|
|
"type": "access",
|
|
|
|
|
"exp": accessTokenExp.Unix(),
|
|
|
|
|
"userExpiration": user.Expiration,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Create refresh token
|
|
|
|
|
refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
|
|
|
"id": user.Id,
|
|
|
|
|
"username": user.Name,
|
|
|
|
|
"role": user.Role,
|
|
|
|
|
"type": "refresh",
|
|
|
|
|
"exp": refreshTokenExp.Unix(),
|
|
|
|
|
"id": user.Id,
|
|
|
|
|
"username": user.Name,
|
|
|
|
|
"role": user.Role,
|
|
|
|
|
"type": "refresh",
|
|
|
|
|
"exp": refreshTokenExp.Unix(),
|
|
|
|
|
"userExpiration": user.GetExpiration(),
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Sign tokens
|
|
|
|
|
@@ -175,6 +189,13 @@ func (aH *AccessHandler) Refresh(c *gin.Context) {
|
|
|
|
|
id := int(claims["id"].(float64))
|
|
|
|
|
role := claims["role"].(string)
|
|
|
|
|
|
|
|
|
|
if !expirationDateValid(claims["userExpiration"].(string)) {
|
|
|
|
|
aH.Logout(c)
|
|
|
|
|
aH.logger.Error("Refresh", fmt.Sprintf("user %s is expired", username))
|
|
|
|
|
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+username+" is expired"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create new access token
|
|
|
|
|
aH.logger.Debug("Refresh", "create new access token")
|
|
|
|
|
accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
|
|
|
|
|
@@ -240,3 +261,16 @@ func (aH *AccessHandler) Logout(c *gin.Context) {
|
|
|
|
|
|
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func expirationDateValid(expiration string) bool {
|
|
|
|
|
if expiration == "" {
|
|
|
|
|
return true // No expiration = always valid
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
t, err := time.Parse(time.RFC3339, expiration)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false // Invalid date format
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return time.Now().Before(t)
|
|
|
|
|
}
|
|
|
|
|
|
