access token excluded from refresh and logout

2025-09-10 23:11:05 +03:00 · 2025-09-10 23:11:05 +03:00 · 404a52473d
commit 404a52473d
parent 0dc93fcd16
5 changed files with 27 additions and 28 deletions
--- a/internal/api/user/controller.go
+++ b/internal/api/user/controller.go
@ -209,14 +209,15 @@ func (co *controller) login(c *gin.Context) {
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/logout	[post]
 func (co *controller) logout(c *gin.Context) {
-	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
+	cookie, err := c.Request.Cookie("refresh_uuid")
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
-		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
+		log.WithError(err).Error("User | Failed to get refresh cookie")
 		return
 	}
-	if err = co.service.logout(userUuid, refreshUuid); err != nil {
+	refreshUuid := cookie.Value
 	if err = co.service.logout(refreshUuid); err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to logout")
 		return
@ -234,15 +235,15 @@ func (co *controller) logout(c *gin.Context) {
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/refresh	[post]
 func (co *controller) refresh(c *gin.Context) {
-	//токены будут помещены в контекст при срабатывании мидлвари авторизации
+	cookie, err := c.Request.Cookie("refresh_uuid")
 	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
-		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
+		log.WithError(err).Error("User | Failed to get refresh cookie")
 		return
 	}
-	response, err := co.service.refresh(userUuid, refreshUuid)
+	refreshUuid := cookie.Value
 	response, err := co.service.refresh(refreshUuid)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to refresh user info")
--- a/internal/api/user/service.go
+++ b/internal/api/user/service.go
@ -120,10 +120,10 @@ func (s *service) login(login Login) (shared.AuthData, error) {
 	return authData, nil
 }
-func (s *service) logout(userUuid, refreshUuid string) error {
+func (s *service) logout(refreshUuid string) error {
-	return s.auth.Logout(userUuid, refreshUuid)
+	return s.auth.Logout(refreshUuid)
 }
-func (s *service) refresh(userUuid, refreshUuid string) (shared.AuthData, error) {
+func (s *service) refresh(refreshUuid string) (shared.AuthData, error) {
-	return s.auth.Refresh(userUuid, refreshUuid)
+	return s.auth.Refresh(refreshUuid)
 }
--- a/internal/interfaces/auth.go
+++ b/internal/interfaces/auth.go
@ -4,6 +4,6 @@ import "merch-parser-api/internal/shared"
 type Auth interface {
 	Login(userUuid string) (shared.AuthData, error)
-	Logout(userUuid, refreshUuid string) error
+	Logout(refreshUuid string) error
-	Refresh(userUuid, refreshUuid string) (shared.AuthData, error)
+	Refresh(refreshUuid string) (shared.AuthData, error)
 }
--- a/internal/provider/auth/repository.go
+++ b/internal/provider/auth/repository.go
@ -7,8 +7,8 @@ import (
 type Repository interface {
 	CreateRefreshToken(token *Session) error
-	ReadRefreshToken(userUuid, tokenUuid string) (Session, error)
+	ReadRefreshToken(tokenUuid string) (Session, error)
-	InvalidateRefreshToken(userUuid, refreshUuid string) error
+	InvalidateRefreshToken(refreshUuid string) error
 }
 type repo struct {
@ -23,11 +23,10 @@ func (r *repo) CreateRefreshToken(token *Session) error {
 	return r.db.Create(token).Error
 }
-func (r *repo) ReadRefreshToken(userUuid, tokenUuid string) (Session, error) {
+func (r *repo) ReadRefreshToken(tokenUuid string) (Session, error) {
 	var tokenData Session
 	if err := r.db.
 		Where("user_uuid = ?", userUuid).
 		Where("refresh_uuid = ?", tokenUuid).
 		Where("deleted_at IS NULL").
 		First(&tokenData).Error; err != nil {
@ -37,10 +36,9 @@ func (r *repo) ReadRefreshToken(userUuid, tokenUuid string) (Session, error) {
 	return tokenData, nil
 }
-func (r *repo) InvalidateRefreshToken(userUuid, refreshUuid string) error {
+func (r *repo) InvalidateRefreshToken(refreshUuid string) error {
 	return r.db.
 		Model(&Session{}).
 		Where("user_uuid = ?", userUuid).
 		Where("refresh_uuid = ?", refreshUuid).
 		Update("deleted_at", time.Now().UTC()).Error
 }
--- a/internal/provider/auth/service.go
+++ b/internal/provider/auth/service.go
@ -26,10 +26,10 @@ func (s *Service) Login(userUuid string) (shared.AuthData, error) {
 	return s.newSession(userUuid)
 }
-func (s *Service) Refresh(userUuid, refreshUuid string) (shared.AuthData, error) {
+func (s *Service) Refresh(refreshUuid string) (shared.AuthData, error) {
 	var err error
-	tokenData, err := s.repo.ReadRefreshToken(userUuid, refreshUuid)
+	tokenData, err := s.repo.ReadRefreshToken(refreshUuid)
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return shared.AuthData{}, errors.New("refresh token is not valid or doesn't exist")
@ -38,20 +38,20 @@ func (s *Service) Refresh(userUuid, refreshUuid string) (shared.AuthData, error)
 	}
 	if time.Now().After(tokenData.Expires) {
-		_ = s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+		_ = s.repo.InvalidateRefreshToken(refreshUuid)
 		return shared.AuthData{}, errors.New("token expired")
 	}
-	err = s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+	err = s.repo.InvalidateRefreshToken(refreshUuid)
 	if err != nil {
 		return shared.AuthData{}, err
 	}
-	return s.updateSession(userUuid, tokenData.SessionUuid)
+	return s.updateSession(tokenData.UserUuid, tokenData.SessionUuid)
 }
-func (s *Service) Logout(userUuid, refreshUuid string) error {
+func (s *Service) Logout(refreshUuid string) error {
-	return s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+	return s.repo.InvalidateRefreshToken(refreshUuid)
 }
 func (s *Service) newSession(userUuid string) (shared.AuthData, error) {