authorizer/server/resolvers/session.go

package resolvers

import (
	"context"
	"fmt"

	"github.com/authorizerdev/authorizer/server/cookie"
	"github.com/authorizerdev/authorizer/server/db"
	"github.com/authorizerdev/authorizer/server/graph/model"
	"github.com/authorizerdev/authorizer/server/sessionstore"
	"github.com/authorizerdev/authorizer/server/token"
	"github.com/authorizerdev/authorizer/server/utils"
)

// SessionResolver is a resolver for session query
func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*model.AuthResponse, error) {
	var res *model.AuthResponse

	gc, err := utils.GinContextFromContext(ctx)
	if err != nil {
		return res, err
	}

	// get refresh token
	refreshToken, err := token.GetRefreshToken(gc)
	if err != nil {
		return res, err
	}

	// get fingerprint hash
	fingerprintHash, err := token.GetFingerPrint(gc)
	if err != nil {
		return res, err
	}

	decryptedFingerPrint, err := utils.DecryptAES([]byte(fingerprintHash))
	if err != nil {
		return res, err
	}

	fingerPrint := string(decryptedFingerPrint)

	// verify refresh token and fingerprint
	claims, err := token.VerifyJWTToken(refreshToken)
	if err != nil {
		return res, err
	}

	userID := claims["id"].(string)

	persistedRefresh := sessionstore.GetUserSession(userID, fingerPrint)
	if refreshToken != persistedRefresh {
		return res, fmt.Errorf(`unauthorized`)
	}

	user, err := db.Provider.GetUserByID(userID)
	if err != nil {
		return res, err
	}

	// refresh token has "roles" as claim
	claimRoleInterface := claims["roles"].([]interface{})
	claimRoles := []string{}
	for _, v := range claimRoleInterface {
		claimRoles = append(claimRoles, v.(string))
	}

	if params != nil && params.Roles != nil && len(params.Roles) > 0 {
		for _, v := range params.Roles {
			if !utils.StringSliceContains(claimRoles, v) {
				return res, fmt.Errorf(`unauthorized`)
			}
		}
	}

	// delete older session
	sessionstore.DeleteUserSession(userID, fingerPrint)

	authToken, err := token.CreateAuthToken(user, claimRoles)
	if err != nil {
		return res, err
	}
	sessionstore.SetUserSession(user.ID, authToken.FingerPrint, authToken.RefreshToken.Token)
	cookie.SetCookie(gc, authToken.AccessToken.Token, authToken.RefreshToken.Token, authToken.FingerPrintHash)

	res = &model.AuthResponse{
		Message:     `Session token refreshed`,
		AccessToken: &authToken.AccessToken.Token,
		ExpiresAt:   &authToken.AccessToken.ExpiresAt,
		User:        user.AsAPIUser(),
	}

	return res, nil
}
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`package resolvers`

			`import (`
			`"context"`
			`"fmt"`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`"github.com/authorizerdev/authorizer/server/cookie"`
chore: rename project 2021-07-23 16:27:44 +00:00			`"github.com/authorizerdev/authorizer/server/db"`
			`"github.com/authorizerdev/authorizer/server/graph/model"`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`"github.com/authorizerdev/authorizer/server/sessionstore"`
			`"github.com/authorizerdev/authorizer/server/token"`
chore: rename project 2021-07-23 16:27:44 +00:00			`"github.com/authorizerdev/authorizer/server/utils"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// SessionResolver is a resolver for session query`
feat(server): add is_valid_jwt query 2022-01-23 19:02:06 +00:00			`func SessionResolver(ctx context.Context, params model.SessionQueryInput) (model.AuthResponse, error) {`
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 10:13:08 +00:00			`var res *model.AuthResponse`
feat/add meta query (#38) * feat: add meta query * fix: readme 2021-07-28 07:55:52 +00:00
			`gc, err := utils.GinContextFromContext(ctx)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`if err != nil {`
			`return res, err`
			`}`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00
			`// get refresh token`
			`refreshToken, err := token.GetRefreshToken(gc)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`if err != nil {`
			`return res, err`
			`}`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`// get fingerprint hash`
			`fingerprintHash, err := token.GetFingerPrint(gc)`
			`if err != nil {`
			`return res, err`
			`}`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`decryptedFingerPrint, err := utils.DecryptAES([]byte(fingerprintHash))`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`if err != nil {`
			`return res, err`
			`}`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`fingerPrint := string(decryptedFingerPrint)`

			`// verify refresh token and fingerprint`
			`claims, err := token.VerifyJWTToken(refreshToken)`
			`if err != nil {`
			`return res, err`
			`}`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`userID := claims["id"].(string)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`persistedRefresh := sessionstore.GetUserSession(userID, fingerPrint)`
			`if refreshToken != persistedRefresh {`
Add resolver to update profile Resolves #12 #11 2021-07-18 03:55:20 +00:00			return res, fmt.Errorf(`unauthorized`)
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`user, err := db.Provider.GetUserByID(userID)`
			`if err != nil {`
			`return res, err`
			`}`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`// refresh token has "roles" as claim`
			`claimRoleInterface := claims["roles"].([]interface{})`
			`claimRoles := []string{}`
			`for _, v := range claimRoleInterface {`
			`claimRoles = append(claimRoles, v.(string))`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`}`

feat(server): add is_valid_jwt query 2022-01-23 19:02:06 +00:00			`if params != nil && params.Roles != nil && len(params.Roles) > 0 {`
			`for _, v := range params.Roles {`
fix: multi role with oauth (#61) 2021-10-19 07:27:59 +00:00			`if !utils.StringSliceContains(claimRoles, v) {`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			return res, fmt.Errorf(`unauthorized`)
			`}`
			`}`
			`}`

Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`// delete older session`
			`sessionstore.DeleteUserSession(userID, fingerPrint)`

			`authToken, err := token.CreateAuthToken(user, claimRoles)`
			`if err != nil {`
			`return res, err`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`sessionstore.SetUserSession(user.ID, authToken.FingerPrint, authToken.RefreshToken.Token)`
			`cookie.SetCookie(gc, authToken.AccessToken.Token, authToken.RefreshToken.Token, authToken.FingerPrintHash)`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00
feat:allow signup without verification (#39) * fix: add disable basic auth check in resolvers * feat: allow signup without email verification Resolves #32 2021-07-28 10:13:08 +00:00			`res = &model.AuthResponse{`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			Message: `Session token refreshed`,
			`AccessToken: &authToken.AccessToken.Token,`
			`ExpiresAt: &authToken.AccessToken.ExpiresAt,`
			`User: user.AsAPIUser(),`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`return res, nil`
			`}`