Add. Integration of Refresh token rotation to user apis

Author: shaikrasheed99

handlers/userHandler.go

@@ -20,12 +20,14 @@ type UserHandler interface {
 
 type userHandler struct {
 	us services.UserService
+	as services.AuthService
 }
 
-func NewUserHandler(us services.UserService) UserHandler {
+func NewUserHandler(us services.UserService, as services.AuthService) UserHandler {
 	fmt.Println("[NewUserHandler] Initiating New User Handler")
 	return &userHandler{
 		us: us,
+		as: as,
 	}
 }
 
@@ -50,6 +52,14 @@ func (uh *userHandler) UserByUsernameHandler(c *gin.Context) {
 		return
 	}
 
+	if !uh.isUserProvidesValidToken(c) {
+		errMessage := constants.MaliciousTokenErrorMessage
+		fmt.Println("[UserByUsernameHandler]", errMessage)
+		errRes := helpers.CreateErrorResponse(http.StatusUnauthorized, errMessage)
+		c.JSON(http.StatusUnauthorized, errRes)
+		return
+	}
+
 	user, err := uh.us.UserByUsername(username)
 	if err != nil {
 		fmt.Println("[UserByUsernameHandler]", err.Error())
@@ -76,6 +86,14 @@ func (uh *userHandler) GetAllUsers(c *gin.Context) {
 		return
 	}
 
+	if !uh.isUserProvidesValidToken(c) {
+		errMessage := constants.MaliciousTokenErrorMessage
+		fmt.Println("[GetAllUsersHandler]", errMessage)
+		errRes := helpers.CreateErrorResponse(http.StatusUnauthorized, errMessage)
+		c.JSON(http.StatusUnauthorized, errRes)
+		return
+	}
+
 	userList, err := uh.us.GetAllUsers()
 	if err != nil {
 		fmt.Println("[GetAllUsersHandler]", err.Error())
@@ -95,6 +113,30 @@ func (uh *userHandler) GetAllUsers(c *gin.Context) {
 	c.JSON(http.StatusOK, res)
 }
 
+func (uh *userHandler) isUserProvidesValidToken(c *gin.Context) bool {
+	clientToken := c.Request.Header.Get("Authorization")
+	tokenString := strings.Replace(clientToken, "Bearer ", "", 1)
+	username := c.GetString("username")
+
+	tokens, err := uh.as.FindTokensByUsername(username)
+	if err != nil {
+		fmt.Println("[UserByUsernameHandler]", err.Error())
+		return false
+	}
+
+	if !areTokensEqual(tokenString, tokens.AccessToken) {
+		errMessage := constants.MaliciousTokenErrorMessage
+		fmt.Println("[UserByUsernameHandler]", errMessage)
+		return false
+	}
+
+	return true
+}
+
+func areTokensEqual(tokenOne string, tokenTwo string) bool {
+	return tokenOne == tokenTwo
+}
+
 func isUserMatchesWith(c *gin.Context, inputUsername string) bool {
 	if isAdmin(c) {
 		return true

main.go

@@ -22,7 +22,7 @@ func main() {
 	as := services.NewAuthService(ar)
 
 	ah := handlers.NewAuthHandler(us, as)
-	uh := handlers.NewUserHandler(us)
+	uh := handlers.NewUserHandler(us, as)
 
 	app := gin.Default()
 

repositories/authRepository.go

@@ -10,6 +10,7 @@ import (
 
 type AuthRepository interface {
 	SaveTokens(string, string, string) error
+	FindTokensByUsername(string) (models.Tokens, error)
 }
 
 type authRepository struct {
@@ -42,3 +43,22 @@ func (ar *authRepository) SaveTokens(username string, accessToken string, refres
 	fmt.Println("[SaveTokensRepository] Tokens are saved")
 	return nil
 }
+
+func (ar *authRepository) FindTokensByUsername(username string) (models.Tokens, error) {
+	fmt.Println("[FindTokensByUsernameRepository] Hitting find tokens by username function in auth repository")
+
+	var tokens models.Tokens
+	res := ar.db.Where("username = ?", username).Find(&tokens)
+	if res.Error != nil {
+		fmt.Println("[FindTokensByUsernameRepository] Error while finding tokens by username")
+		return models.Tokens{}, res.Error
+	}
+
+	if res.RowsAffected == 0 {
+		fmt.Println("[FindTokensByUsernameRepository] Tokens are not found with username")
+		return models.Tokens{}, gorm.ErrRecordNotFound
+	}
+
+	fmt.Println("[FindTokensByUsernameRepository] Tokens are found")
+	return tokens, nil
+}

services/authService.go

@@ -1,13 +1,18 @@
 package services
 
 import (
+	"errors"
 	"fmt"
 
+	"github.com/shaikrasheed99/golang-user-jwt-authentication/constants"
+	"github.com/shaikrasheed99/golang-user-jwt-authentication/models"
 	"github.com/shaikrasheed99/golang-user-jwt-authentication/repositories"
+	"gorm.io/gorm"
 )
 
 type AuthService interface {
 	SaveTokensByUsername(string, string, string) error
+	FindTokensByUsername(string) (models.Tokens, error)
 }
 
 type authService struct {
@@ -33,3 +38,22 @@ func (as *authService) SaveTokensByUsername(username string, accessToken string,
 	fmt.Println("[SaveTokensByUsernameService] Tokens are saved")
 	return nil
 }
+
+func (as *authService) FindTokensByUsername(username string) (models.Tokens, error) {
+	fmt.Println("[FindTokensByUsernameService] Hitting tokens by username function in auth service")
+
+	tokens, err := as.ar.FindTokensByUsername(username)
+	if err == gorm.ErrRecordNotFound {
+		errMessage := constants.TokensNotFoundErrorMessage
+		fmt.Println("[FindTokensByUsernameService]", errMessage)
+		return models.Tokens{}, errors.New(errMessage)
+	}
+
+	if err != nil {
+		fmt.Println("[FindTokensByUsernameService]", err.Error())
+		return models.Tokens{}, err
+	}
+
+	fmt.Println("[FindTokensByUsernameService] Returned tokens from repository")
+	return tokens, nil
+}