feat: use SetCookie for access and refresh tokens

nihonium 2025-11-23 03:32:58 +03:00
parent bbe57e07d5
commit e64e770783
Signed by: nihonium
GPG key ID: 0251623741027CFC
3 changed files with 246 additions and 182 deletions


@ -25,21 +25,12 @@ type PostAuthSignUpJSONBody struct {
Pass string `json:"pass"`
}
// PostAuthVerifyTokenJSONBody defines parameters for PostAuthVerifyToken.
type PostAuthVerifyTokenJSONBody struct {
// Token JWT token to validate
Token string `json:"token"`
}
// PostAuthSignInJSONRequestBody defines body for PostAuthSignIn for application/json ContentType.
type PostAuthSignInJSONRequestBody PostAuthSignInJSONBody
// PostAuthSignUpJSONRequestBody defines body for PostAuthSignUp for application/json ContentType.
type PostAuthSignUpJSONRequestBody PostAuthSignUpJSONBody
// PostAuthVerifyTokenJSONRequestBody defines body for PostAuthVerifyToken for application/json ContentType.
type PostAuthVerifyTokenJSONRequestBody PostAuthVerifyTokenJSONBody
// ServerInterface represents all server handlers.
type ServerInterface interface {
// Sign in a user and return JWT
@ -48,9 +39,6 @@ type ServerInterface interface {
// Sign up a new user
// (POST /auth/sign-up)
PostAuthSignUp(c *gin.Context)
// Verify JWT validity
// (POST /auth/verify-token)
PostAuthVerifyToken(c *gin.Context)
}
// ServerInterfaceWrapper converts contexts to parameters.
@ -88,19 +76,6 @@ func (siw *ServerInterfaceWrapper) PostAuthSignUp(c *gin.Context) {
siw.Handler.PostAuthSignUp(c)
}
// PostAuthVerifyToken operation middleware
func (siw *ServerInterfaceWrapper) PostAuthVerifyToken(c *gin.Context) {
for _, middleware := range siw.HandlerMiddlewares {
middleware(c)
if c.IsAborted() {
return
}
}
siw.Handler.PostAuthVerifyToken(c)
}
// GinServerOptions provides options for the Gin server.
type GinServerOptions struct {
BaseURL string
@ -130,7 +105,6 @@ func RegisterHandlersWithOptions(router gin.IRouter, si ServerInterface, options
router.POST(options.BaseURL+"/auth/sign-in", wrapper.PostAuthSignIn)
router.POST(options.BaseURL+"/auth/sign-up", wrapper.PostAuthSignUp)
router.POST(options.BaseURL+"/auth/verify-token", wrapper.PostAuthVerifyToken)
}
type PostAuthSignInRequestObject struct {
@ -144,10 +118,7 @@ type PostAuthSignInResponseObject interface {
type PostAuthSignIn200JSONResponse struct {
Error *string `json:"error"`
Success *bool `json:"success,omitempty"`
// Token JWT token to access protected endpoints
Token *string `json:"token"`
UserId *string `json:"user_id"`
UserId *string `json:"user_id"`
}
func (response PostAuthSignIn200JSONResponse) VisitPostAuthSignInResponse(w http.ResponseWriter) error {
@ -157,6 +128,17 @@ func (response PostAuthSignIn200JSONResponse) VisitPostAuthSignInResponse(w http
return json.NewEncoder(w).Encode(response)
}
type PostAuthSignIn401JSONResponse struct {
Error *string `json:"error,omitempty"`
}
func (response PostAuthSignIn401JSONResponse) VisitPostAuthSignInResponse(w http.ResponseWriter) error {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(401)
return json.NewEncoder(w).Encode(response)
}
type PostAuthSignUpRequestObject struct {
Body *PostAuthSignUpJSONRequestBody
}
@ -178,32 +160,6 @@ func (response PostAuthSignUp200JSONResponse) VisitPostAuthSignUpResponse(w http
return json.NewEncoder(w).Encode(response)
}
type PostAuthVerifyTokenRequestObject struct {
Body *PostAuthVerifyTokenJSONRequestBody
}
type PostAuthVerifyTokenResponseObject interface {
VisitPostAuthVerifyTokenResponse(w http.ResponseWriter) error
}
type PostAuthVerifyToken200JSONResponse struct {
// Error Error message if token is invalid
Error *string `json:"error"`
// UserId User ID extracted from token if valid
UserId *string `json:"user_id"`
// Valid True if token is valid
Valid *bool `json:"valid,omitempty"`
}
func (response PostAuthVerifyToken200JSONResponse) VisitPostAuthVerifyTokenResponse(w http.ResponseWriter) error {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(200)
return json.NewEncoder(w).Encode(response)
}
// StrictServerInterface represents all server handlers.
type StrictServerInterface interface {
// Sign in a user and return JWT
@ -212,9 +168,6 @@ type StrictServerInterface interface {
// Sign up a new user
// (POST /auth/sign-up)
PostAuthSignUp(ctx context.Context, request PostAuthSignUpRequestObject) (PostAuthSignUpResponseObject, error)
// Verify JWT validity
// (POST /auth/verify-token)
PostAuthVerifyToken(ctx context.Context, request PostAuthVerifyTokenRequestObject) (PostAuthVerifyTokenResponseObject, error)
}
type StrictHandlerFunc = strictgin.StrictGinHandlerFunc
@ -294,36 +247,3 @@ func (sh *strictHandler) PostAuthSignUp(ctx *gin.Context) {
ctx.Error(fmt.Errorf("unexpected response type: %T", response))
}
}
// PostAuthVerifyToken operation middleware
func (sh *strictHandler) PostAuthVerifyToken(ctx *gin.Context) {
var request PostAuthVerifyTokenRequestObject
var body PostAuthVerifyTokenJSONRequestBody
if err := ctx.ShouldBindJSON(&body); err != nil {
ctx.Status(http.StatusBadRequest)
ctx.Error(err)
return
}
request.Body = &body
handler := func(ctx *gin.Context, request interface{}) (interface{}, error) {
return sh.ssi.PostAuthVerifyToken(ctx, request.(PostAuthVerifyTokenRequestObject))
}
for _, middleware := range sh.middlewares {
handler = middleware(handler, "PostAuthVerifyToken")
}
response, err := handler(ctx, request)
if err != nil {
ctx.Error(err)
ctx.Status(http.StatusInternalServerError)
} else if validResponse, ok := response.(PostAuthVerifyTokenResponseObject); ok {
if err := validResponse.VisitPostAuthVerifyTokenResponse(ctx.Writer); err != nil {
ctx.Error(err)
}
} else if response != nil {
ctx.Error(fmt.Errorf("unexpected response type: %T", response))
}
}


@ -1,4 +1,4 @@
openapi: 3.1.0
openapi: 3.1.1
info:
title: Auth Service
version: 1.0.0
@ -58,6 +58,14 @@ paths:
responses:
"200":
description: Sign-in result with JWT
# headers:
# Set-Cookie:
# schema:
# type: array
# items:
# type: string
# explode: true
# style: simple
content:
application/json:
schema:
@ -71,42 +79,89 @@ paths:
user_id:
type: string
nullable: true
token:
type: string
description: JWT token to access protected endpoints
nullable: true
/auth/verify-token:
post:
summary: Verify JWT validity
tags: [Auth]
requestBody:
required: true
content:
application/json:
schema:
type: object
required: [token]
properties:
token:
type: string
description: JWT token to validate
responses:
"200":
description: Token validation result
"401":
description: Access denied due to invalid credentials
content:
application/json:
schema:
type: object
properties:
valid:
type: boolean
description: True if token is valid
user_id:
type: string
nullable: true
description: User ID extracted from token if valid
error:
type: string
nullable: true
description: Error message if token is invalid
example: "Access denied"
# /auth/verify-token:
# post:
# summary: Verify JWT validity
# tags: [Auth]
# requestBody:
# required: true
# content:
# application/json:
# schema:
# type: object
# required: [token]
# properties:
# token:
# type: string
# description: JWT token to validate
# responses:
# "200":
# description: Token validation result
# content:
# application/json:
# schema:
# type: object
# properties:
# valid:
# type: boolean
# description: True if token is valid
# user_id:
# type: string
# nullable: true
# description: User ID extracted from token if valid
# error:
# type: string
# nullable: true
# description: Error message if token is invalid
# /auth/refresh-token:
# post:
# summary: Refresh JWT using a refresh token
# tags: [Auth]
# requestBody:
# required: true
# content:
# application/json:
# schema:
# type: object
# required: [refresh_token]
# properties:
# refresh_token:
# type: string
# description: JWT refresh token obtained from sign-in
# responses:
# "200":
# description: New access (and optionally refresh) token
# content:
# application/json:
# schema:
# type: object
# properties:
# valid:
# type: boolean
# description: True if refresh token was valid
# user_id:
# type: string
# nullable: true
# description: User ID extracted from refresh token
# access_token:
# type: string
# description: New access token
# nullable: true
# refresh_token:
# type: string
# description: New refresh token (optional)
# nullable: true
# error:
# type: string
# nullable: true
# description: Error message if refresh token is invalid
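Review bot: The `Set-Cookie` response headers that carry the access and refresh tokens are left commented out under the sign-in `200` response, so after this change the spec no longer describes how a client receives credentials at all (the `token` property is removed and nothing replaces it); that headers block should be uncommented and each cookie described with the attributes it is expected to carry, since generated clients and reviewers otherwise have no record of `HttpOnly`, `Secure`, `SameSite`, or the `Path` that should confine the refresh cookie to the refresh endpoint. Moving the token from the JSON body into a cookie also makes cookie-authenticated endpoints reachable by cross-site requests unless the cookies are `SameSite=Strict`/`Lax` or a CSRF token is required; the handler that actually sets the cookies is in the third changed file, which is not in view, so this needs to be confirmed there. Separately, the version line now reads `openapi: 3.1.1`, but the retained `nullable: true` on `user_id` is OpenAPI 3.0 syntax that 3.1 tooling ignores; in 3.1 it should be `type: [string, "null"]`. The `/auth/verify-token` and `/auth/refresh-token` paths are commented out rather than deleted, which is acceptable as a draft but leaves the refresh cookie with no documented consumer.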