package server import ( "code.smartsheep.studio/hydrogen/identity/pkg/security" "code.smartsheep.studio/hydrogen/identity/pkg/services" "fmt" "github.com/gofiber/fiber/v2" "strings" ) func authMiddleware(c *fiber.Ctx) error { var token string if cookie := c.Cookies(security.CookieAccessKey); len(cookie) > 0 { token = cookie } if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 { tk := strings.Replace(header, "Bearer", "", 1) token = strings.TrimSpace(tk) } c.Locals("token", token) if err := authFunc(c); err != nil { fmt.Println(err) return err } return c.Next() } func authFunc(c *fiber.Ctx, overrides ...string) error { var token string if len(overrides) > 0 { token = overrides[0] } else { if tk, ok := c.Locals("token").(string); !ok { return fiber.NewError(fiber.StatusUnauthorized) } else { token = tk } } claims, err := security.DecodeJwt(token) if err != nil { rtk := c.Cookies(security.CookieRefreshKey) if len(rtk) > 0 && len(overrides) < 1 { // Auto refresh and retry access, refresh, err := security.RefreshToken(rtk) if err == nil { security.SetJwtCookieSet(c, access, refresh) return authFunc(c, access) } } return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err)) } session, err := services.LookupSessionWithToken(claims.ID) if err != nil { return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth session: %v", err)) } else if err := session.IsAvailable(); err != nil { return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("unavailable auth session: %v", err)) } user, err := services.GetAccount(session.AccountID) if err != nil { return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid account: %v", err)) } c.Locals("principal", user) return nil }