2021-05-20 11:33:35 +00:00
|
|
|
package eventstore
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"time"
|
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/logging"
|
2021-05-20 11:33:35 +00:00
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/auth/repository/eventsourcing/view"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
|
|
v1 "github.com/zitadel/zitadel/internal/eventstore/v1"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
|
|
usr_model "github.com/zitadel/zitadel/internal/user/model"
|
|
|
|
usr_view "github.com/zitadel/zitadel/internal/user/repository/view"
|
|
|
|
"github.com/zitadel/zitadel/internal/user/repository/view/model"
|
2021-05-20 11:33:35 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type RefreshTokenRepo struct {
|
|
|
|
Eventstore v1.Eventstore
|
|
|
|
View *view.View
|
|
|
|
SearchLimit uint64
|
|
|
|
KeyAlgorithm crypto.EncryptionAlgorithm
|
|
|
|
}
|
|
|
|
|
2023-03-28 11:28:56 +00:00
|
|
|
func (r *RefreshTokenRepo) RefreshTokenByToken(ctx context.Context, refreshToken string) (*usr_model.RefreshTokenView, error) {
|
2021-05-20 11:33:35 +00:00
|
|
|
userID, tokenID, token, err := domain.FromRefreshToken(refreshToken, r.KeyAlgorithm)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-03-28 11:28:56 +00:00
|
|
|
tokenView, err := r.RefreshTokenByID(ctx, tokenID, userID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if tokenView.Token != token {
|
|
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid")
|
|
|
|
}
|
|
|
|
return tokenView, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID string) (*usr_model.RefreshTokenView, error) {
|
2023-04-28 14:28:13 +00:00
|
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
|
|
tokenView, viewErr := r.View.RefreshTokenByID(tokenID, instanceID)
|
2021-05-20 11:33:35 +00:00
|
|
|
if viewErr != nil && !errors.IsNotFound(viewErr) {
|
|
|
|
return nil, viewErr
|
|
|
|
}
|
|
|
|
if errors.IsNotFound(viewErr) {
|
2023-04-28 14:28:13 +00:00
|
|
|
sequence, err := r.View.GetLatestRefreshTokenSequence(ctx, instanceID)
|
|
|
|
logging.WithFields("instanceID", instanceID, "userID", userID, "tokenID", tokenID).
|
|
|
|
OnError(err).
|
|
|
|
Errorf("could not get current sequence for RefreshTokenByID")
|
|
|
|
|
2021-05-20 11:33:35 +00:00
|
|
|
tokenView = new(model.RefreshTokenView)
|
|
|
|
tokenView.ID = tokenID
|
|
|
|
tokenView.UserID = userID
|
2023-04-28 14:28:13 +00:00
|
|
|
tokenView.InstanceID = instanceID
|
|
|
|
if sequence != nil {
|
|
|
|
tokenView.Sequence = sequence.CurrentSequence
|
|
|
|
}
|
2021-05-20 11:33:35 +00:00
|
|
|
}
|
|
|
|
|
2023-07-27 12:10:19 +00:00
|
|
|
events, esErr := r.getUserEvents(ctx, userID, tokenView.InstanceID, tokenView.Sequence, tokenView.GetRelevantEventTypes())
|
2021-05-20 11:33:35 +00:00
|
|
|
if errors.IsNotFound(viewErr) && len(events) == 0 {
|
|
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-BHB52", "Errors.User.RefreshToken.Invalid")
|
|
|
|
}
|
|
|
|
|
|
|
|
if esErr != nil {
|
|
|
|
logging.Log("EVENT-AE462").WithError(viewErr).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("error retrieving new events")
|
|
|
|
return model.RefreshTokenViewToModel(tokenView), nil
|
|
|
|
}
|
|
|
|
viewToken := *tokenView
|
|
|
|
for _, event := range events {
|
|
|
|
err := tokenView.AppendEventIfMyRefreshToken(event)
|
|
|
|
if err != nil {
|
|
|
|
return model.RefreshTokenViewToModel(&viewToken), nil
|
|
|
|
}
|
|
|
|
}
|
2023-03-28 11:28:56 +00:00
|
|
|
if !tokenView.Expiration.After(time.Now()) {
|
2021-05-20 11:33:35 +00:00
|
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-5Bm9s", "Errors.User.RefreshToken.Invalid")
|
|
|
|
}
|
|
|
|
return model.RefreshTokenViewToModel(tokenView), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r *RefreshTokenRepo) SearchMyRefreshTokens(ctx context.Context, userID string, request *usr_model.RefreshTokenSearchRequest) (*usr_model.RefreshTokenSearchResponse, error) {
|
|
|
|
err := request.EnsureLimit(r.SearchLimit)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-04-28 14:28:13 +00:00
|
|
|
sequence, err := r.View.GetLatestRefreshTokenSequence(ctx, authz.GetInstance(ctx).InstanceID())
|
2021-05-20 11:33:35 +00:00
|
|
|
logging.Log("EVENT-GBdn4").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest refresh token sequence")
|
|
|
|
request.Queries = append(request.Queries, &usr_model.RefreshTokenSearchQuery{Key: usr_model.RefreshTokenSearchKeyUserID, Method: domain.SearchMethodEquals, Value: userID})
|
|
|
|
tokens, count, err := r.View.SearchRefreshTokens(request)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &usr_model.RefreshTokenSearchResponse{
|
|
|
|
Offset: request.Offset,
|
|
|
|
Limit: request.Limit,
|
|
|
|
TotalResult: count,
|
|
|
|
Sequence: sequence.CurrentSequence,
|
|
|
|
Timestamp: sequence.LastSuccessfulSpoolerRun,
|
|
|
|
Result: model.RefreshTokenViewsToModel(tokens),
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2023-07-27 12:10:19 +00:00
|
|
|
func (r *RefreshTokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []models.EventType) ([]*models.Event, error) {
|
|
|
|
query, err := usr_view.UserByIDQuery(userID, instanceID, sequence, eventTypes)
|
2021-05-20 11:33:35 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return r.Eventstore.FilterEvents(ctx, query)
|
|
|
|
}
|