Feat: add session

middlewares/checkRefreshToken.go

@@ -0,0 +1,74 @@
+package middlewares
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"gitea.konchin.com/go2025/backend/models"
+	"gitea.konchin.com/go2025/backend/types"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/spf13/viper"
+	"github.com/uptrace/bunrouter"
+)
+
+func (self *Handlers) CheckRefreshToken(
+	next bunrouter.HandlerFunc,
+) bunrouter.HandlerFunc {
+	return func(w http.ResponseWriter, req bunrouter.Request) error {
+		ctx := req.Context()
+
+		refreshTokenCookie, err := req.Cookie("refresh_token")
+		if err != nil {
+			return HTTPError{
+				StatusCode:  http.StatusUnauthorized,
+				Message:     "user did not login",
+				OriginError: err,
+			}
+		}
+
+		var claim models.RefreshTokenClaim
+		token, err := jwt.ParseWithClaims(refreshTokenCookie.Value, &claim,
+			func(*jwt.Token) (interface{}, error) {
+				return []byte(viper.GetString("REFRESH_TOKEN_SECRET")), nil
+			})
+		if err != nil {
+			return HTTPError{
+				StatusCode:  http.StatusUnauthorized,
+				Message:     "refresh token jwt cannot parse",
+				OriginError: err,
+			}
+		}
+		if !token.Valid {
+			return HTTPError{
+				StatusCode: http.StatusUnauthorized,
+				Message:    "refresh token jwt invalid",
+			}
+		}
+
+		// check time and refresh
+		timeLeft := claim.ExpiresAt.Time.Sub(time.Now()) / time.Second
+		if int64(timeLeft) < viper.GetInt64("REFRESH_TOKEN_TIMEOUT")/2 {
+			session, err := self.db.UpdateRefreshToken(ctx, claim.UserId)
+			if err != nil {
+				return HTTPError{
+					StatusCode:  http.StatusInternalServerError,
+					Message:     "upsert session failed",
+					OriginError: err,
+				}
+			}
+
+			http.SetCookie(w, &http.Cookie{
+				Name:     "refresh_token",
+				Value:    session.RefreshToken,
+				Path:     "/",
+				Secure:   false,
+				HttpOnly: true,
+				SameSite: http.SameSiteLaxMode,
+			})
+		}
+
+		ctx = context.WithValue(ctx, types.RefreshToken(""), claim)
+		return next(w, req.WithContext(ctx))
+	}
+}