|
|
|
@@ -49,6 +49,10 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
|
|
|
aH.logger.Error("Login", "user empty")
|
|
|
|
aH.logger.Error("Login", "user empty")
|
|
|
|
c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("user empty"))
|
|
|
|
c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("user empty"))
|
|
|
|
return
|
|
|
|
return
|
|
|
|
|
|
|
|
} else if !user.ExpirationIsValid() {
|
|
|
|
|
|
|
|
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
|
|
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Fetch user record from DB
|
|
|
|
// Fetch user record from DB
|
|
|
|
@@ -89,6 +93,7 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
|
|
|
"role": user.Role,
|
|
|
|
"role": user.Role,
|
|
|
|
"type": "access",
|
|
|
|
"type": "access",
|
|
|
|
"exp": accessTokenExp.Unix(),
|
|
|
|
"exp": accessTokenExp.Unix(),
|
|
|
|
|
|
|
|
"userExpiration": user.Expiration,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
// Create refresh token
|
|
|
|
// Create refresh token
|
|
|
|
@@ -98,6 +103,7 @@ func (aH *AccessHandler) Login(c *gin.Context) {
|
|
|
|
"role": user.Role,
|
|
|
|
"role": user.Role,
|
|
|
|
"type": "refresh",
|
|
|
|
"type": "refresh",
|
|
|
|
"exp": refreshTokenExp.Unix(),
|
|
|
|
"exp": refreshTokenExp.Unix(),
|
|
|
|
|
|
|
|
"userExpiration": user.GetExpiration(),
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
// Sign tokens
|
|
|
|
// Sign tokens
|
|
|
|
@@ -175,6 +181,12 @@ func (aH *AccessHandler) Refresh(c *gin.Context) {
|
|
|
|
id := int(claims["id"].(float64))
|
|
|
|
id := int(claims["id"].(float64))
|
|
|
|
role := claims["role"].(string)
|
|
|
|
role := claims["role"].(string)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if !expirationDateValid(claims["userExpiration"].(string)) {
|
|
|
|
|
|
|
|
aH.logger.Error("Login", fmt.Sprintf("user %s is expired", username))
|
|
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+username+" is expired"))
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Create new access token
|
|
|
|
// Create new access token
|
|
|
|
aH.logger.Debug("Refresh", "create new access token")
|
|
|
|
aH.logger.Debug("Refresh", "create new access token")
|
|
|
|
accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
|
|
|
|
accessExp := time.Now().Add(ACCESS_TOKEN_TIME)
|
|
|
|
@@ -240,3 +252,16 @@ func (aH *AccessHandler) Logout(c *gin.Context) {
|
|
|
|
|
|
|
|
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
|
|
|
|
c.JSON(http.StatusOK, gin.H{"message": "logged out"})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func expirationDateValid(expiration string) bool {
|
|
|
|
|
|
|
|
if expiration == "" {
|
|
|
|
|
|
|
|
return true // No expiration = always valid
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
t, err := time.Parse(time.RFC3339, expiration)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return false // Invalid date format
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return time.Now().Before(t)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
