feature: Adds API refresh support.

2024-12-22 11:36:15 -05:00 · 2024-12-22 11:36:15 -05:00 · 37d0d41570
commit 37d0d41570
parent 7d5db06c7b
3 changed files with 135 additions and 0 deletions
--- a/backend/api/controllers/v1/users/refresh.go
+++ b/backend/api/controllers/v1/users/refresh.go
@ -0,0 +1,117 @@
+package users
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"git.terah.dev/imterah/hermes/api/dbcore"
+	"git.terah.dev/imterah/hermes/api/jwtcore"
+	"github.com/charmbracelet/log"
+	"github.com/gin-gonic/gin"
+	"github.com/go-playground/validator/v10"
+)
+
+type UserRefreshRequest struct {
+	Token string `validate:"required"`
+}
+
+func RefreshUserToken(c *gin.Context) {
+	var req UserRefreshRequest
+
+	if err := c.BindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": fmt.Sprintf("Failed to parse body: %s", err.Error()),
+		})
+
+		return
+	}
+
+	if err := validator.New().Struct(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": fmt.Sprintf("Failed to validate body: %s", err.Error()),
+		})
+
+		return
+	}
+
+	var tokenInDatabase *dbcore.Token
+	tokenRequest := dbcore.DB.Where("token = ?", req.Token).Find(&tokenInDatabase)
+
+	if tokenRequest.Error != nil {
+		log.Warnf("failed to find if token exists or not: %s", tokenRequest.Error)
+
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "Failed to find if token exists",
+		})
+
+		return
+	}
+
+	tokenExists := tokenRequest.RowsAffected > 0
+
+	if !tokenExists {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Token not found",
+		})
+
+		return
+	}
+
+	// First, we check to make sure that the key expiry is disabled before checking if the key is expired.
+	// Then, we check if the IP addresses differ, or if it has been 7 days since the token has been created.
+	if !tokenInDatabase.DisableExpiry && (c.ClientIP() != tokenInDatabase.CreationIPAddr || time.Now().Before(tokenInDatabase.CreatedAt.Add((24*7)*time.Hour))) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"error": "Token has expired",
+		})
+
+		tx := dbcore.DB.Delete(tokenInDatabase)
+
+		if tx.Error != nil {
+			log.Warnf("Failed to delete expired token from database: %s", tx.Error.Error())
+		}
+
+		return
+	}
+
+	// Get the user to check if the user exists before doing anything
+	var user *dbcore.User
+	userRequest := dbcore.DB.Where("id = ?", tokenInDatabase.UserID).Find(&user)
+
+	if tokenRequest.Error != nil {
+		log.Warnf("failed to find if token user or not: %s", userRequest.Error)
+
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "Failed to find user",
+		})
+
+		return
+	}
+
+	userExists := userRequest.RowsAffected > 0
+
+	if !userExists {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "User not found",
+		})
+
+		return
+	}
+
+	jwt, err := jwtcore.Generate(user.ID)
+
+	if err != nil {
+		log.Warnf("Failed to generate JWT: %s", err.Error())
+
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "Failed to generate refresh token",
+		})
+
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"token":   jwt,
+	})
+}
--- a/backend/api/main.go
+++ b/backend/api/main.go
@ -93,6 +93,7 @@ func main() {
 	// Initialize routes
 	engine.POST("/api/v1/users/create", users.CreateUser)
 	engine.POST("/api/v1/users/login", users.LoginUser)
+	engine.POST("/api/v1/users/refresh", users.RefreshUserToken)

 	log.Infof("Listening on: %s", listeningAddress)
 	err = engine.Run(listeningAddress)