devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

feat: use multi roles login (#60)

Browse Source 
* feat: use multi roles login

- add support for protected roles
- refactor oauth code

* fix: adminUpdate role validation

* fix: update app
This commit is contained in:
Lakhan Samani
2021-10-13 22:11:41 +05:30
committed by GitHub
parent 27944cf7b5
commit b376ee3b73
23 changed files with 248 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
server/resolvers/token.go
View File

@@ -14,7 +14,7 @@ import (
"github.com/authorizerdev/authorizer/server/utils"
)
func Token(ctx context.Context, role *string) (*model.AuthResponse, error) {
func Token(ctx context.Context, roles []string) (*model.AuthResponse, error) {
var res *model.AuthResponse
gc, err := utils.GinContextFromContext(ctx)
@@ -30,16 +30,11 @@ func Token(ctx context.Context, role *string) (*model.AuthResponse, error) {
expiresAt := claim["exp"].(int64)
email := fmt.Sprintf("%v", claim["email"])
claimRole := fmt.Sprintf("%v", claim[constants.JWT_ROLE_CLAIM])
user, err := db.Mgr.GetUserByEmail(email)
if err != nil {
return res, err
}
if role != nil && *role != claimRole {
return res, fmt.Errorf(`unauthorized`)
}
userIdStr := fmt.Sprintf("%v", user.ID)
sessionToken := session.GetToken(userIdStr)
@@ -47,15 +42,30 @@ func Token(ctx context.Context, role *string) (*model.AuthResponse, error) {
if sessionToken == "" {
return res, fmt.Errorf(`unauthorized`)
}
// TODO check if refresh/session token has expired
expiresTimeObj := time.Unix(expiresAt, 0)
currentTimeObj := time.Now()
claimRoleInterface := claim[constants.JWT_ROLE_CLAIM].([]interface{})
claimRoles := make([]string, len(claimRoleInterface))
for i, v := range claimRoleInterface {
claimRoles[i] = v.(string)
}
if len(roles) > 0 {
for _, v := range roles {
if !utils.StringContains(claimRoles, v) {
return res, fmt.Errorf(`unauthorized`)
}
}
}
if accessTokenErr != nil || expiresTimeObj.Sub(currentTimeObj).Minutes() <= 5 {
// if access token has expired and refresh/session token is valid
// generate new accessToken
token, expiresAt, _ = utils.CreateAuthToken(user, enum.AccessToken, claimRole)
token, expiresAt, _ = utils.CreateAuthToken(user, enum.AccessToken, claimRoles)
}
utils.SetCookie(gc, token)
res = &model.AuthResponse{
Message: `Token verified`,