
implement token refreshing

assume that accessJwts last an hour; they do for OAuth tokens anyway

Akshay 49320ecb 8961169b

+61
+1
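--- a/flake.nix
+++ b/flake.nix
@@ -28,6 +28,7 @@
 pkgs.air
 pkgs.templ
 pkgs.gopls
+pkgs.httpie
 ];
 };
 });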
+59
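--- a/legit/routes/auth.go
+++ b/legit/routes/auth.go
@@ -1,17 +1,76 @@
 package routes
 
 import (
+"log"
 "net/http"
+"time"
+
+comatproto "github.com/bluesky-social/indigo/api/atproto"
+"github.com/bluesky-social/indigo/xrpc"
+)
+
+const (
+layout = "2006-01-02 15:04:05.999999999 -0700 MST"
 )
 
 func (h *Handle) AuthMiddleware(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 session, _ := h.s.Get(r, "bild-session")
 auth, ok := session.Values["authenticated"].(bool)
+
 if !ok || !auth {
 http.Error(w, "Forbidden: You are not logged in", http.StatusForbidden)
 return
 }
+
+// refresh if nearing expiry
+// TODO: dedup with /login
+expiryStr := session.Values["expiry"].(string)
+expiry, _ := time.Parse(layout, expiryStr)
+pdsUrl := session.Values["pds"].(string)
+did := session.Values["did"].(string)
+refreshJwt := session.Values["refreshJwt"].(string)
+
+if time.Now().After((expiry)) {
+log.Println("token expired, refreshing ...")
+
+client := xrpc.Client{
+Host: pdsUrl,
+Auth: &xrpc.AuthInfo{
+Did: did,
+AccessJwt: refreshJwt,
+RefreshJwt: refreshJwt,
+},
+}
+atSession, err := comatproto.ServerRefreshSession(r.Context(), &client)
+
+if err != nil {
+log.Println(err)
+http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+return
+}
+
+clientSession, _ := h.s.Get(r, "bild-session")
+clientSession.Values["handle"] = atSession.Handle
+clientSession.Values["did"] = atSession.Did
+clientSession.Values["accessJwt"] = atSession.AccessJwt
+clientSession.Values["refreshJwt"] = atSession.RefreshJwt
+clientSession.Values["expiry"] = time.Now().Add(time.Hour).String()
+clientSession.Values["pds"] = pdsUrl
+clientSession.Values["authenticated"] = true
+
+err = clientSession.Save(r, w)
+
+if err != nil {
+log.Printf("failed to store session for did: %s\n", atSession.Did)
+log.Println(err)
+http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+return
+}
+
+log.Println("successfully refreshed token")
+}
+
 next.ServeHTTP(w, r)
 })
 }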
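Review bot: The expiry round-trip cannot succeed as written: `time.Now().Add(time.Hour).String()` (new line 58 here, and the identical store in legit/routes/routes.go) carries the monotonic-clock suffix `m=+3600…` that the `layout` constant does not cover, so `time.Parse` on line 29 returns an error, the ignored error leaves `expiry` at the zero time, and `time.Now().After(expiry)` is true on every request — a refresh call to the PDS with the refresh token per request rather than once an hour. Lines 28–32 also use unchecked type assertions; a session saved before this commit has no "expiry" key, so `session.Values["expiry"].(string)` panics on a nil interface (net/http recovers it and drops the connection), which turns every pre-existing valid cookie into a dead session. Store and parse with one explicit format and fail closed on any missing value, as below, after which `layout` is unused; the condition also fires only after expiry, so either reword `// refresh if nearing expiry` or make the check `time.Now().Add(time.Minute).After(expiry)`. A failed refresh on line 47 more likely means a revoked or rotated refresh token than a server fault, so a 403 that also clears the session would be more accurate than 500, though that depends on how /login handles it.

```go
// … unchanged: authenticated check …
expiryStr, okExpiry := session.Values["expiry"].(string)
pdsUrl, okPds := session.Values["pds"].(string)
did, okDid := session.Values["did"].(string)
refreshJwt, okRefresh := session.Values["refreshJwt"].(string)
expiry, err := time.Parse(time.RFC3339Nano, expiryStr)
if !okExpiry || !okPds || !okDid || !okRefresh || err != nil {
	http.Error(w, "Forbidden: You are not logged in", http.StatusForbidden)
	return
}
// … unchanged: refresh call and session copy …
clientSession.Values["expiry"] = time.Now().Add(time.Hour).Format(time.RFC3339Nano)
```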
+1
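--- a/legit/routes/routes.go
+++ b/legit/routes/routes.go
@@ -477,6 +477,7 @@
 clientSession.Values["did"] = atSession.Did
 clientSession.Values["accessJwt"] = atSession.AccessJwt
 clientSession.Values["refreshJwt"] = atSession.RefreshJwt
+clientSession.Values["expiry"] = time.Now().Add(time.Hour).String()
 clientSession.Values["pds"] = pdsUrl
 clientSession.Values["authenticated"] = true
 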