package services
import (
"fmt"
"git.solsynth.dev/hydrogen/identity/pkg/models"
"git.solsynth.dev/hydrogen/identity/pkg/security"
"github.com/gofiber/fiber/v2"
)
// Authenticate resolves the account that owns the session named by an access
// token and returns it together with the token pair the caller should keep
// using.
//
// When the access token fails to decode and a refresh token was supplied, one
// refresh is attempted (depth < 1 caps it at a single retry) and the function
// re-enters itself with the new pair. In that case the returned tokens differ
// from the arguments, so callers have to propagate the returned pair rather
// than the one they passed in.
//
// Every failure is reported as a fiber 401 error. On failure the account is
// the zero value (or whatever GetAccount returned alongside its error) and the
// tokens are the ones passed to this invocation.
//
// Token validation is delegated entirely to security.DecodeJwt; nothing in
// this function checks which kind of token was presented.
//
// NOTE(review): each error message embeds the underlying error via %v and
// names the stage that failed (key, session, availability, account). If the
// fiber error message is rendered to the client, that tells an unauthenticated
// caller which check rejected them and may expose detail from the helpers;
// consider a uniform client-facing message with the cause logged server-side.
//
// NOTE(review): any error from LookupSessionWithToken or GetAccount becomes a
// 401, whatever its cause; confirm that is intended for non-auth failures.
func Authenticate(access, refresh string, depth int) (models.Account, string, string, error) {
	var account models.Account

	// deny builds the 401 returned on every rejection path; the resulting
	// message is "<reason>: <cause>".
	deny := func(reason string, cause interface{}) error {
		return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("%s: %v", reason, cause))
	}

	claims, decodeErr := security.DecodeJwt(access)
	if decodeErr != nil {
		// Auto refresh and retry, at most once per top-level call.
		canRetry := refresh != "" && depth < 1
		if canRetry {
			newAccess, newRefresh, refreshErr := security.RefreshToken(refresh)
			if refreshErr == nil {
				return Authenticate(newAccess, newRefresh, depth+1)
			}
			// A failed refresh is deliberately not reported: the caller sees
			// the original decode error and the original token pair.
		}
		return account, access, refresh, deny("invalid auth key", decodeErr)
	}

	// The token's ID claim is the lookup key for the server-side session, so a
	// token that decodes correctly is still rejected once its session is gone
	// or no longer available.
	session, lookupErr := LookupSessionWithToken(claims.ID)
	if lookupErr != nil {
		return account, access, refresh, deny("invalid auth session", lookupErr)
	}
	if availErr := session.IsAvailable(); availErr != nil {
		return account, access, refresh, deny("unavailable auth session", availErr)
	}

	account, accountErr := GetAccount(session.AccountID)
	if accountErr != nil {
		return account, access, refresh, deny("invalid account", accountErr)
	}

	return account, access, refresh, nil
}