maximdeclercq
/
rusty-bever
forked from Chewing_Bever/rusty-bever
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Token refresh works!

develop
Jef Roosens 2021-08-22 13:14:19 +02:00
parent 7dffbb9597
commit d7333373bb
Signed by untrusted user: Jef Roosens
GPG Key ID: 955C0660072F691F
3 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/rb/auth.rs
View File

@ -126,9 +126,10 @@ pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> crate::Result<
let token_bytes = base64::decode(refresh_token).map_err(|_| RBError::InvalidRefreshToken)?; let token_bytes = base64::decode(refresh_token).map_err(|_| RBError::InvalidRefreshToken)?;
// First, we request the token from the database to see if it's really a valid token // First, we request the token from the database to see if it's really a valid token
let token_entry = refresh_tokens::refresh_tokens let (token_entry, user) = refresh_tokens::refresh_tokens
.inner_join(users::users)
.filter(refresh_tokens::token.eq(token_bytes)) .filter(refresh_tokens::token.eq(token_bytes))
.first::<RefreshToken>(conn) .first::<(RefreshToken, User)>(conn)
.map_err(|_| RBError::InvalidRefreshToken)?; .map_err(|_| RBError::InvalidRefreshToken)?;
// If we see that the token has already been used before, we block the user. // If we see that the token has already been used before, we block the user.
@ -142,15 +143,19 @@ pub fn refresh_token(conn: &PgConnection, refresh_token: &str) -> crate::Result<
return Err(RBError::DuplicateRefreshToken); return Err(RBError::DuplicateRefreshToken);
} }
// Now we check if the token has already expired
let cur_time = Utc::now().naive_utc();
if token_entry.expires_at < cur_time {
return Err(RBError::TokenExpired);
}
// We update the last_used_at value for the refresh token // We update the last_used_at value for the refresh token
let target = refresh_tokens::refresh_tokens.filter(refresh_tokens::token.eq(token_entry.token)); let target = refresh_tokens::refresh_tokens.filter(refresh_tokens::token.eq(token_entry.token));
diesel::update(target) diesel::update(target)
.set(refresh_tokens::last_used_at.eq(Utc::now().naive_utc())) .set(refresh_tokens::last_used_at.eq(cur_time))
.execute(conn) .execute(conn)
.map_err(|_| RBError::DBError)?; .map_err(|_| RBError::DBError)?;
// Finally, we query the new user & generate a new token
let user = users::users.filter(users::id.eq(token_entry.user_id)).first::<User>(conn).map_err(|_| RBError::DBError)?;
generate_jwt_token(conn, &user) generate_jwt_token(conn, &user)
} }

2
src/rb/lib.rs
View File

@ -10,7 +10,7 @@ pub use errors::Result;
// Any import defaults are defined here // Any import defaults are defined here
/// Expire time for the JWT tokens in seconds. /// Expire time for the JWT tokens in seconds.
const JWT_EXP_SECONDS: i64 = 900; const JWT_EXP_SECONDS: i64 = 600;
/// Amount of bytes the refresh tokens should consist of /// Amount of bytes the refresh tokens should consist of
const REFRESH_TOKEN_N_BYTES: usize = 64; const REFRESH_TOKEN_N_BYTES: usize = 64;
/// Expire time for refresh tokens; here: one week /// Expire time for refresh tokens; here: one week

3
src/rbs/auth.rs
View File

@ -32,6 +32,7 @@ async fn login(conn: RbDbConn, credentials: Json<Credentials>) -> rb::Result<Jso
} }
#[derive(Deserialize)] #[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
struct RefreshTokenRequest { struct RefreshTokenRequest {
pub refresh_token: String, pub refresh_token: String,
} }
@ -44,6 +45,6 @@ async fn refresh_token(
let refresh_token = refresh_token_request.into_inner().refresh_token; let refresh_token = refresh_token_request.into_inner().refresh_token;
Ok(Json( Ok(Json(
conn.run(move |c| rb::auth::refresh_token(c, &refresh_token)), conn.run(move |c| rb::auth::refresh_token(c, &refresh_token)).await?
)) ))
} }