2021-05-20 11:33:35 +00:00
|
|
|
package domain
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"strings"
|
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
2023-12-08 14:30:55 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2021-05-20 11:33:35 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func NewRefreshToken(userID, tokenID string, algorithm crypto.EncryptionAlgorithm) (string, error) {
|
|
|
|
return RefreshToken(userID, tokenID, tokenID, algorithm)
|
|
|
|
}
|
|
|
|
|
|
|
|
func RefreshToken(userID, tokenID, token string, algorithm crypto.EncryptionAlgorithm) (string, error) {
|
|
|
|
encrypted, err := algorithm.Encrypt([]byte(userID + ":" + tokenID + ":" + token))
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return base64.RawURLEncoding.EncodeToString(encrypted), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func FromRefreshToken(refreshToken string, algorithm crypto.EncryptionAlgorithm) (userID, tokenID, token string, err error) {
|
|
|
|
decoded, err := base64.RawURLEncoding.DecodeString(refreshToken)
|
|
|
|
if err != nil {
|
2024-04-09 06:42:59 +00:00
|
|
|
return "", "", "", zerrors.ThrowInvalidArgument(err, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid")
|
2021-05-20 11:33:35 +00:00
|
|
|
}
|
2024-08-02 08:38:37 +00:00
|
|
|
decrypted, err := algorithm.DecryptString(decoded, algorithm.EncryptionKeyID())
|
2021-05-20 11:33:35 +00:00
|
|
|
if err != nil {
|
2024-08-02 08:38:37 +00:00
|
|
|
return "", "", "", zerrors.ThrowInvalidArgument(err, "DOMAIN-rie9A", "Errors.User.RefreshToken.Invalid")
|
2021-05-20 11:33:35 +00:00
|
|
|
}
|
2024-08-02 08:38:37 +00:00
|
|
|
split := strings.Split(decrypted, ":")
|
2021-05-20 11:33:35 +00:00
|
|
|
if len(split) != 3 {
|
2024-08-02 08:38:37 +00:00
|
|
|
return "", "", "", zerrors.ThrowInvalidArgument(nil, "DOMAIN-Se8oh", "Errors.User.RefreshToken.Invalid")
|
2021-05-20 11:33:35 +00:00
|
|
|
}
|
|
|
|
return split[0], split[1], split[2], nil
|
|
|
|
}
|