feat: fully featured token checks

2025-12-06 06:25:21 +03:00 · 2025-12-06 06:25:21 +03:00 · 713c0adc14
commit 713c0adc14
parent 7956a8a961
6 changed files with 226 additions and 77 deletions
--- a/auth/auth.gen.go
+++ b/auth/auth.gen.go
@ -56,6 +56,9 @@ type ServerInterface interface {
 	// Get service impersontaion token
 	// (POST /get-impersonation-token)
 	GetImpersonationToken(c *gin.Context)
+	// Refreshes access_token and refresh_token
+	// (GET /refresh-tokens)
+	RefreshTokens(c *gin.Context)
 	// Sign in a user and return JWT
 	// (POST /sign-in)
 	PostSignIn(c *gin.Context)
@ -88,6 +91,19 @@ func (siw *ServerInterfaceWrapper) GetImpersonationToken(c *gin.Context) {
 	siw.Handler.GetImpersonationToken(c)
 }

+// RefreshTokens operation middleware
+func (siw *ServerInterfaceWrapper) RefreshTokens(c *gin.Context) {
+
+	for _, middleware := range siw.HandlerMiddlewares {
+		middleware(c)
+		if c.IsAborted() {
+			return
+		}
+	}
+
+	siw.Handler.RefreshTokens(c)
+}
+
 // PostSignIn operation middleware
 func (siw *ServerInterfaceWrapper) PostSignIn(c *gin.Context) {

@ -142,10 +158,17 @@ func RegisterHandlersWithOptions(router gin.IRouter, si ServerInterface, options
 	}

 	router.POST(options.BaseURL+"/get-impersonation-token", wrapper.GetImpersonationToken)
+	router.GET(options.BaseURL+"/refresh-tokens", wrapper.RefreshTokens)
 	router.POST(options.BaseURL+"/sign-in", wrapper.PostSignIn)
 	router.POST(options.BaseURL+"/sign-up", wrapper.PostSignUp)
 }

+type ClientErrorResponse struct {
+}
+
+type ServerErrorResponse struct {
+}
+
 type UnauthorizedErrorResponse struct {
 }

@ -176,6 +199,42 @@ func (response GetImpersonationToken401Response) VisitGetImpersonationTokenRespo
 	return nil
 }

+type RefreshTokensRequestObject struct {
+}
+
+type RefreshTokensResponseObject interface {
+	VisitRefreshTokensResponse(w http.ResponseWriter) error
+}
+
+type RefreshTokens200Response struct {
+}
+
+func (response RefreshTokens200Response) VisitRefreshTokensResponse(w http.ResponseWriter) error {
+	w.WriteHeader(200)
+	return nil
+}
+
+type RefreshTokens400Response = ClientErrorResponse
+
+func (response RefreshTokens400Response) VisitRefreshTokensResponse(w http.ResponseWriter) error {
+	w.WriteHeader(400)
+	return nil
+}
+
+type RefreshTokens401Response = UnauthorizedErrorResponse
+
+func (response RefreshTokens401Response) VisitRefreshTokensResponse(w http.ResponseWriter) error {
+	w.WriteHeader(401)
+	return nil
+}
+
+type RefreshTokens500Response = ServerErrorResponse
+
+func (response RefreshTokens500Response) VisitRefreshTokensResponse(w http.ResponseWriter) error {
+	w.WriteHeader(500)
+	return nil
+}
+
 type PostSignInRequestObject struct {
 	Body *PostSignInJSONRequestBody
 }
@ -227,6 +286,9 @@ type StrictServerInterface interface {
 	// Get service impersontaion token
 	// (POST /get-impersonation-token)
 	GetImpersonationToken(ctx context.Context, request GetImpersonationTokenRequestObject) (GetImpersonationTokenResponseObject, error)
+	// Refreshes access_token and refresh_token
+	// (GET /refresh-tokens)
+	RefreshTokens(ctx context.Context, request RefreshTokensRequestObject) (RefreshTokensResponseObject, error)
 	// Sign in a user and return JWT
 	// (POST /sign-in)
 	PostSignIn(ctx context.Context, request PostSignInRequestObject) (PostSignInResponseObject, error)
@ -280,6 +342,31 @@ func (sh *strictHandler) GetImpersonationToken(ctx *gin.Context) {
 	}
 }

+// RefreshTokens operation middleware
+func (sh *strictHandler) RefreshTokens(ctx *gin.Context) {
+	var request RefreshTokensRequestObject
+
+	handler := func(ctx *gin.Context, request interface{}) (interface{}, error) {
+		return sh.ssi.RefreshTokens(ctx, request.(RefreshTokensRequestObject))
+	}
+	for _, middleware := range sh.middlewares {
+		handler = middleware(handler, "RefreshTokens")
+	}
+
+	response, err := handler(ctx, request)
+
+	if err != nil {
+		ctx.Error(err)
+		ctx.Status(http.StatusInternalServerError)
+	} else if validResponse, ok := response.(RefreshTokensResponseObject); ok {
+		if err := validResponse.VisitRefreshTokensResponse(ctx.Writer); err != nil {
+			ctx.Error(err)
+		}
+	} else if response != nil {
+		ctx.Error(fmt.Errorf("unexpected response type: %T", response))
+	}
+}
+
 // PostSignIn operation middleware
 func (sh *strictHandler) PostSignIn(ctx *gin.Context) {
 	var request PostSignInRequestObject
--- a/auth/claims.go
+++ b/auth/claims.go
@ -0,0 +1,10 @@
+package auth
+
+import "github.com/golang-jwt/jwt/v5"
+
+type TokenClaims struct {
+	UserID string  `json:"user_id"`
+	Type   string  `json:"type"`
+	ImpID  *string `json:"imp_id,omitempty"`
+	jwt.RegisteredClaims
+}
--- a/auth/openapi-auth.yaml
+++ b/auth/openapi-auth.yaml
@ -116,6 +116,22 @@ paths:
        "401":
          $ref: '#/components/responses/UnauthorizedError'

+  /refresh-tokens:
+    get:
+      summary: Refreshes access_token and refresh_token
+      operationId: refreshTokens
+      tags: [Auth]
+      responses:
+        # This one sets two cookies: access_token and refresh_token
+        "200":
+          description: Refresh success
+        "400":
+          $ref: '#/components/responses/ClientError'
+        "401":
+          $ref: '#/components/responses/UnauthorizedError'
+        "500":
+          $ref: '#/components/responses/ServerError'
+
 components:
  securitySchemes:
    bearerAuth:
@ -123,4 +139,8 @@ components:
      scheme: bearer
  responses:
    UnauthorizedError:
-      description: Access token is missing or invalid
+      description: Access token is missing or invalid
+    ServerError:
+      description: ServerError
+    ClientError:
+      description: ClientError