access token excluded from refresh and logout

internal/api/user/controller.go

@@ -209,14 +209,15 @@ func (co *controller) login(c *gin.Context) {
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/logout	[post]
 func (co *controller) logout(c *gin.Context) {
-	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
+	cookie, err := c.Request.Cookie("refresh_uuid")
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
-		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
-		return
+		log.WithError(err).Error("User | Failed to get refresh cookie")
 	}
 
-	if err = co.service.logout(userUuid, refreshUuid); err != nil {
+	refreshUuid := cookie.Value
+
+	if err = co.service.logout(refreshUuid); err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to logout")
 		return
@@ -234,15 +235,15 @@ func (co *controller) logout(c *gin.Context) {
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/refresh	[post]
 func (co *controller) refresh(c *gin.Context) {
-	//токены будут помещены в контекст при срабатывании мидлвари авторизации
-	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
+	cookie, err := c.Request.Cookie("refresh_uuid")
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
-		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
-		return
+		log.WithError(err).Error("User | Failed to get refresh cookie")
 	}
 
-	response, err := co.service.refresh(userUuid, refreshUuid)
+	refreshUuid := cookie.Value
+
+	response, err := co.service.refresh(refreshUuid)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to refresh user info")

internal/api/user/service.go

@@ -120,10 +120,10 @@ func (s *service) login(login Login) (shared.AuthData, error) {
 	return authData, nil
 }
 
-func (s *service) logout(userUuid, refreshUuid string) error {
-	return s.auth.Logout(userUuid, refreshUuid)
+func (s *service) logout(refreshUuid string) error {
+	return s.auth.Logout(refreshUuid)
 }
 
-func (s *service) refresh(userUuid, refreshUuid string) (shared.AuthData, error) {
-	return s.auth.Refresh(userUuid, refreshUuid)
+func (s *service) refresh(refreshUuid string) (shared.AuthData, error) {
+	return s.auth.Refresh(refreshUuid)
 }

internal/interfaces/auth.go

@@ -4,6 +4,6 @@ import "merch-parser-api/internal/shared"
 
 type Auth interface {
 	Login(userUuid string) (shared.AuthData, error)
-	Logout(userUuid, refreshUuid string) error
-	Refresh(userUuid, refreshUuid string) (shared.AuthData, error)
+	Logout(refreshUuid string) error
+	Refresh(refreshUuid string) (shared.AuthData, error)
 }

internal/provider/auth/repository.go

@@ -7,8 +7,8 @@ import (
 
 type Repository interface {
 	CreateRefreshToken(token *Session) error
-	ReadRefreshToken(userUuid, tokenUuid string) (Session, error)
-	InvalidateRefreshToken(userUuid, refreshUuid string) error
+	ReadRefreshToken(tokenUuid string) (Session, error)
+	InvalidateRefreshToken(refreshUuid string) error
 }
 
 type repo struct {
@@ -23,11 +23,10 @@ func (r *repo) CreateRefreshToken(token *Session) error {
 	return r.db.Create(token).Error
 }
 
-func (r *repo) ReadRefreshToken(userUuid, tokenUuid string) (Session, error) {
+func (r *repo) ReadRefreshToken(tokenUuid string) (Session, error) {
 	var tokenData Session
 
 	if err := r.db.
-		Where("user_uuid = ?", userUuid).
 		Where("refresh_uuid = ?", tokenUuid).
 		Where("deleted_at IS NULL").
 		First(&tokenData).Error; err != nil {
@@ -37,10 +36,9 @@ func (r *repo) ReadRefreshToken(userUuid, tokenUuid string) (Session, error) {
 	return tokenData, nil
 }
 
-func (r *repo) InvalidateRefreshToken(userUuid, refreshUuid string) error {
+func (r *repo) InvalidateRefreshToken(refreshUuid string) error {
 	return r.db.
 		Model(&Session{}).
-		Where("user_uuid = ?", userUuid).
 		Where("refresh_uuid = ?", refreshUuid).
 		Update("deleted_at", time.Now().UTC()).Error
 }

internal/provider/auth/service.go

@@ -26,10 +26,10 @@ func (s *Service) Login(userUuid string) (shared.AuthData, error) {
 	return s.newSession(userUuid)
 }
 
-func (s *Service) Refresh(userUuid, refreshUuid string) (shared.AuthData, error) {
+func (s *Service) Refresh(refreshUuid string) (shared.AuthData, error) {
 	var err error
 
-	tokenData, err := s.repo.ReadRefreshToken(userUuid, refreshUuid)
+	tokenData, err := s.repo.ReadRefreshToken(refreshUuid)
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return shared.AuthData{}, errors.New("refresh token is not valid or doesn't exist")
@@ -38,20 +38,20 @@ func (s *Service) Refresh(userUuid, refreshUuid string) (shared.AuthData, error)
 	}
 
 	if time.Now().After(tokenData.Expires) {
-		_ = s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+		_ = s.repo.InvalidateRefreshToken(refreshUuid)
 		return shared.AuthData{}, errors.New("token expired")
 	}
 
-	err = s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+	err = s.repo.InvalidateRefreshToken(refreshUuid)
 	if err != nil {
 		return shared.AuthData{}, err
 	}
 
-	return s.updateSession(userUuid, tokenData.SessionUuid)
+	return s.updateSession(tokenData.UserUuid, tokenData.SessionUuid)
 }
 
-func (s *Service) Logout(userUuid, refreshUuid string) error {
-	return s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+func (s *Service) Logout(refreshUuid string) error {
+	return s.repo.InvalidateRefreshToken(refreshUuid)
 }
 
 func (s *Service) newSession(userUuid string) (shared.AuthData, error) {