Skip to content

Commit

Permalink
MG-217 - Separate refresh token from the session cookie (#218)
Browse files Browse the repository at this point in the history 
* separate refresh token from the session

Signed-off-by: ianmuchyri <[email protected]>

* move refresh token from /domains to /domains/login

Signed-off-by: ianmuchyri <[email protected]>

* add refresh token cookie expiry time

Signed-off-by: ianmuchyri <[email protected]>

* remove refresh token cookie in refreshTokenEndpoin

Signed-off-by: ianmuchyri <[email protected]>

* remove http only param

Signed-off-by: ianmuchyri <[email protected]>

* fix fetchData token from accessToken

Signed-off-by: ianmuchyri <[email protected]>

---------

Signed-off-by: ianmuchyri <[email protected]>
  • Loading branch information
@ianmuchyri
ianmuchyri authored Mar 14, 2024
1 parent 65b5b55 commit 8dd46ba
Show file tree
Hide file tree
Showing 6 changed files with 298 additions and 169 deletions.
176 changes: 143 additions & 33 deletions ui/api/endpoint.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ func loginEndpoint(svc ui.Service) endpoint.Endpoint {
}
}

func logoutEndpoint(svc ui.Service) endpoint.Endpoint {
func logoutEndpoint(svc ui.Service, prefix string) endpoint.Endpoint {
return func(_ context.Context, _ interface{}) (interface{}, error) {
if err := svc.Logout(); err != nil {
return nil, err
Expand All @@ -120,6 +120,18 @@ func logoutEndpoint(svc ui.Service) endpoint.Endpoint {
Path: "/",
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
MaxAge: -1,
},
}
return uiRes{
code: http.StatusOK,
Expand Down Expand Up @@ -213,6 +225,18 @@ func updatePasswordEndpoint(svc ui.Service, prefix string) endpoint.Endpoint {
Path: "/",
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
MaxAge: -1,
},
}

return uiRes{
Expand Down Expand Up @@ -275,13 +299,16 @@ func secureTokenEndpoint(svc ui.Service, s *securecookie.SecureCookie, prefix st
return nil, err
}

sessionDetails, err := svc.Session(req.Session)
sessionReq := ui.Session{
Token: req.AccessToken,
LoginStatus: ui.UserLoginStatus,
}

sessionDetails, err := svc.Session(sessionReq)
if err != nil {
return nil, err
}

sessionDetails.Token = req.Token

sessionDetails.Token = req.AccessToken
session, err := json.Marshal(sessionDetails)
if err != nil {
return nil, err
Expand All @@ -291,47 +318,70 @@ func secureTokenEndpoint(svc ui.Service, s *securecookie.SecureCookie, prefix st
return nil, err
}

secureRefreshToken, err := s.Encode(refreshTokenKey, req.RefreshToken)
if err != nil {
return nil, err
}

refreshExp, err := extractTokenExpiry(req.RefreshToken)
if err != nil {
return nil, err
}

return uiRes{
code: http.StatusSeeOther,
cookies: []*http.Cookie{
{
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
HttpOnly: true,
},
{
Name: accessTokenKey,
Value: "",
Path: "/",
MaxAge: -1,
Name: refreshTokenKey,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
{
Name: refreshTokenKey,
Value: "",
Path: "/",
MaxAge: -1,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
{
Name: accessTokenKey,
Value: "",
Path: "/",
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: "/",
MaxAge: -1,
},
},
headers: map[string]string{"Location": fmt.Sprintf("%s/%s", prefix, domainsAPIEndpoint)},
}, nil
}
}

func refreshTokenEndpoint(svc ui.Service, s *securecookie.SecureCookie) endpoint.Endpoint {
func refreshTokenEndpoint(svc ui.Service, s *securecookie.SecureCookie, prefix string) endpoint.Endpoint {
return func(_ context.Context, request interface{}) (interface{}, error) {
req := request.(refreshTokenReq)
if err := req.validate(); err != nil {
return nil, err
}

token, err := svc.RefreshToken(req.RefreshToken)
token, err := svc.RefreshToken(req.Token)
if err != nil {
return nil, err
}

req.Session.Token = token
req.Session.Token = token.AccessToken
session, err := json.Marshal(req.Session)
if err != nil {
return nil, err
Expand All @@ -341,14 +391,38 @@ func refreshTokenEndpoint(svc ui.Service, s *securecookie.SecureCookie) endpoint
return nil, err
}

secureRefreshToken, err := s.Encode(refreshTokenKey, token.RefreshToken)
if err != nil {
return nil, err
}
refreshExp, err := extractTokenExpiry(token.RefreshToken)
if err != nil {
return nil, err
}

tkr := uiRes{
code: http.StatusSeeOther,
headers: map[string]string{"Location": req.ref},
cookies: []*http.Cookie{
{
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
HttpOnly: true,
},
{
Name: refreshTokenKey,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
{
Name: refreshTokenKey,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
},
}
Expand Down Expand Up @@ -1301,7 +1375,7 @@ func FetchChartDataEndpoint(svc ui.Service) endpoint.Endpoint {
if err := req.validate(); err != nil {
return nil, err
}
res, err := svc.FetchChartData(req.Session.AccessToken, req.channelID, req.mpgm)
res, err := svc.FetchChartData(req.Session.Token, req.channelID, req.mpgm)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -1549,18 +1623,18 @@ func domainLoginEndpoint(svc ui.Service, s *securecookie.SecureCookie, prefix st
if err := req.validate(); err != nil {
return nil, err
}
token, err := svc.DomainLogin(req.Login, req.RefreshToken)
token, err := svc.DomainLogin(req.Login, req.Token)
if err != nil {
return nil, err
}
req.Domain.ID = req.DomainID
req.AccessToken = token.AccessToken
req.Token = token.AccessToken
sessionDetails, err := svc.Session(req.Session)
if err != nil {
return nil, err
}

sessionDetails.Token = token
sessionDetails.Token = token.AccessToken
session, err := json.Marshal(sessionDetails)
if err != nil {
return nil, err
Expand All @@ -1570,13 +1644,38 @@ func domainLoginEndpoint(svc ui.Service, s *securecookie.SecureCookie, prefix st
return nil, err
}

secureRefreshToken, err := s.Encode(refreshTokenKey, token.RefreshToken)
if err != nil {
return nil, err
}

refreshExp, err := extractTokenExpiry(token.RefreshToken)
if err != nil {
return nil, err
}

return uiRes{
code: http.StatusSeeOther,
cookies: []*http.Cookie{
{
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
Name: sessionDetailsKey,
Value: secureSessionDetails,
Path: "/",
HttpOnly: true,
},
{
Name: refreshTokenKey,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
{
Name: refreshTokenKey,
Value: secureRefreshToken,
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
Expires: refreshExp,
HttpOnly: true,
},
},
headers: map[string]string{"Location": fmt.Sprintf("%s/?domain=%s", prefix, req.DomainID)},
Expand Down Expand Up @@ -1705,11 +1804,22 @@ func disableDomainEndpoint(svc ui.Service, prefix string) endpoint.Endpoint {

cookies := []*http.Cookie{
{
Name: accessTokenKey,
Value: "",
Path: "/",
MaxAge: -1,
HttpOnly: true,
Name: sessionDetailsKey,
Value: "",
Path: "/",
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s", prefix, tokenRefreshAPIEndpoint),
MaxAge: -1,
},
{
Name: refreshTokenKey,
Value: "",
Path: fmt.Sprintf("%s/%s/login", prefix, domainsAPIEndpoint),
MaxAge: -1,
},
}

Expand Down
Loading

0 comments on commit 8dd46ba

Please sign in to comment.