@@ -2,10 +2,15 @@ package handlers
22
33import (
44 "net/http"
5+ "time"
56
67 "github.com/labstack/echo/v4"
8+ "github.com/lestrrat-go/jwx/v2/jwa"
9+ "github.com/lestrrat-go/jwx/v2/jwt"
710
811 "github.com/CodeChefVIT/devsoc-backend-26/pkg/controllers"
12+ "github.com/CodeChefVIT/devsoc-backend-26/pkg/utils"
13+ "os"
914)
1015
1116func RequestOTP (c echo.Context ) error {
@@ -42,12 +47,89 @@ func VerifyOTP(c echo.Context) error {
4247 return c .JSON (http .StatusBadRequest , "invalid request" )
4348 }
4449
45- token , err := controllers .VerifyOTP (req .Email , req .OTP )
50+ accessToken , refreshToken , err := controllers .VerifyOTP (req .Email , req .OTP )
4651 if err != nil {
4752 return c .JSON (http .StatusUnauthorized , "invalid or expired otp" )
4853 }
4954
55+ // access token in pookie
56+ c .SetCookie (& http.Cookie {
57+ Name : "access_token" ,
58+ Value : accessToken ,
59+ Path : "/" ,
60+ MaxAge : 3600 , // 1 ghanta
61+ HttpOnly : true ,
62+ SameSite : http .SameSiteLaxMode ,
63+ })
64+
65+ // refresh token in pookie
66+ c .SetCookie (& http.Cookie {
67+ Name : "refresh_token" ,
68+ Value : refreshToken ,
69+ Path : "/" ,
70+ MaxAge : 7200 , // 2 ghante
71+ HttpOnly : true ,
72+ SameSite : http .SameSiteLaxMode ,
73+ })
74+
5075 return c .JSON (http .StatusOK , map [string ]string {
51- "token " : token ,
76+ "message " : "user verified and logged in" ,
5277 })
5378}
79+
80+ func Refresh (c echo.Context ) error {
81+ // Reading refresh token from pookie
82+ cookie , err := c .Cookie ("refresh_token" )
83+ if err != nil || cookie .Value == "" {
84+ return c .JSON (http .StatusUnauthorized , "missing refresh token" )
85+ }
86+
87+ jwtKey := []byte (os .Getenv ("JWT_SECRET" ))
88+
89+ // Parsing and validatng refresh token
90+ tok , err := jwt .Parse (
91+ []byte (cookie .Value ),
92+ jwt .WithKey (jwa .HS256 , jwtKey ),
93+ )
94+ if err != nil {
95+ return c .JSON (http .StatusUnauthorized , "invalid or expired refresh token" )
96+ }
97+
98+ // Verify token_type is "refresh"
99+ tokenType , ok := tok .Get ("token_type" )
100+ if ! ok || tokenType != "refresh" {
101+ return c .JSON (http .StatusUnauthorized , "invalid token type" )
102+ }
103+
104+ // Extracting ujer info
105+ userID := tok .Subject ()
106+ emailVal , ok := tok .Get ("email" )
107+ if ! ok {
108+ return c .JSON (http .StatusUnauthorized , "invalid token claims" )
109+ }
110+
111+ email , ok := emailVal .(string )
112+ if ! ok {
113+ return c .JSON (http .StatusUnauthorized , "invalid email claim" )
114+ }
115+
116+ // Issuing new access token (1 hour)
117+ newAccessToken , err := utils .CreateJWT (userID , email , "access" , 1 * time .Hour )
118+ if err != nil {
119+ return c .JSON (http .StatusInternalServerError , "failed to create token" )
120+ }
121+
122+ // Setting that new access token pookie
123+ c .SetCookie (& http.Cookie {
124+ Name : "access_token" ,
125+ Value : newAccessToken ,
126+ Path : "/" ,
127+ MaxAge : 3600 , // 1 hour
128+ HttpOnly : true ,
129+ SameSite : http .SameSiteLaxMode ,
130+ })
131+
132+ return c .JSON (http .StatusOK , map [string ]string {
133+ "message" : "accesstoken refreshed" ,
134+ })
135+ }
0 commit comments