session id check by refresh token

2025-09-10 20:19:51 +03:00 · 2025-09-10 20:19:51 +03:00 · 6d20fc3ed6
commit 6d20fc3ed6
parent a8c974994b
11 changed files with 74 additions and 103 deletions
--- a/internal/api/user/controller.go
+++ b/internal/api/user/controller.go
@ -11,16 +11,15 @@ import (
 )

 type controller struct {
-	service      *service
-	utils        interfaces.Utils
-	refreshRoute string
+	service  *service
+	utils    interfaces.Utils
+	authPath string
 }

-func newController(service *service, utils interfaces.Utils, refreshRoute string) *controller {
+func newController(service *service, utils interfaces.Utils) *controller {
 	return &controller{
-		service:      service,
-		utils:        utils,
-		refreshRoute: refreshRoute,
+		service: service,
+		utils:   utils,
 	}
 }

@ -33,9 +32,12 @@ func (h *Handler) RegisterRoutes(r *gin.RouterGroup) {
 	userGroup.DELETE("/", h.controller.delete)

 	//auth
-	userGroup.POST("/login", h.controller.login)
-	userGroup.POST("/logout", h.controller.logout)
-	userGroup.POST("/refresh", h.controller.refresh)
+	h.controller.authPath = "/user/auth"
+
+	authGroup := userGroup.Group("/auth")
+	authGroup.POST("/login", h.controller.login)
+	authGroup.POST("/logout", h.controller.logout)
+	authGroup.POST("/refresh", h.controller.refresh)
 }

 func (h *Handler) ExcludeRoutes() []shared.ExcludeRoute {
@ -187,7 +189,7 @@ func (co *controller) login(c *gin.Context) {
 		response.RefreshCookie.Name,
 		response.RefreshCookie.Value,
 		int(time.Until(response.RefreshCookie.Expires).Seconds()),
-		co.refreshRoute,
+		co.authPath,
 		"",
 		response.RefreshCookie.Secure,
 		response.RefreshCookie.HttpOnly,
@ -206,14 +208,14 @@ func (co *controller) login(c *gin.Context) {
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/logout	[post]
 func (co *controller) logout(c *gin.Context) {
-	userUuid, refreshUuid, sessionUuid, err := co.utils.GetAllTokensFromContext(c)
+	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
 		return
 	}

-	if err = co.service.logout(userUuid, refreshUuid, sessionUuid); err != nil {
+	if err = co.service.logout(userUuid, refreshUuid); err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to logout")
 		return
@ -232,14 +234,14 @@ func (co *controller) logout(c *gin.Context) {
 // @Router			/user/refresh	[post]
 func (co *controller) refresh(c *gin.Context) {
 	//токены будут помещены в контекст при срабатывании мидлвари авторизации
-	userUuid, refreshUuid, sessionUuid, err := co.utils.GetAllTokensFromContext(c)
+	userUuid, refreshUuid, err := co.utils.GetAllTokensFromContext(c)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to get uuids from context on refresh")
 		return
 	}

-	response, err := co.service.refresh(userUuid, refreshUuid, sessionUuid)
+	response, err := co.service.refresh(userUuid, refreshUuid)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 		log.WithError(err).Error("User | Failed to refresh user info")
--- a/internal/api/user/handler.go
+++ b/internal/api/user/handler.go
@ -12,16 +12,15 @@ type Handler struct {
 }

 type Deps struct {
-	Auth         interfaces.Auth
-	DB           *gorm.DB
-	Utils        interfaces.Utils
-	RefreshRoute string
+	Auth  interfaces.Auth
+	DB    *gorm.DB
+	Utils interfaces.Utils
 }

 func NewHandler(deps Deps) *Handler {
 	r := newRepo(deps.DB)
 	s := newService(deps.Auth, r, deps.Utils)
-	c := newController(s, deps.Utils, deps.RefreshRoute)
+	c := newController(s, deps.Utils)

 	return &Handler{
 		controller: c,
--- a/internal/api/user/service.go
+++ b/internal/api/user/service.go
@ -120,10 +120,10 @@ func (s *service) login(login Login) (shared.AuthData, error) {
 	return authData, nil
 }

-func (s *service) logout(userUuid, refreshUuid, sessionUuid string) error {
-	return s.auth.Logout(userUuid, refreshUuid, sessionUuid)
+func (s *service) logout(userUuid, refreshUuid string) error {
+	return s.auth.Logout(userUuid, refreshUuid)
 }

-func (s *service) refresh(userUuid, refreshUuid, sessionUuid string) (shared.AuthData, error) {
-	return s.auth.Refresh(userUuid, refreshUuid, sessionUuid)
+func (s *service) refresh(userUuid, refreshUuid string) (shared.AuthData, error) {
+	return s.auth.Refresh(userUuid, refreshUuid)
 }