session id check by refresh token

2025-09-10 20:19:51 +03:00 · 2025-09-10 20:19:51 +03:00 · 6d20fc3ed6
commit 6d20fc3ed6
parent a8c974994b
11 changed files with 74 additions and 103 deletions
--- a/internal/router/handler.go
+++ b/internal/router/handler.go
@ -13,19 +13,17 @@ import (
 )

 type router struct {
-	apiPrefix         string
-	engine            *gin.Engine
-	ginMode           string
-	excludeRoutes     map[string]shared.ExcludeRoute
-	tokenProv         interfaces.JWTProvider
-	usersRefreshRoute string
+	apiPrefix     string
+	engine        *gin.Engine
+	ginMode       string
+	excludeRoutes map[string]shared.ExcludeRoute
+	tokenProv     interfaces.JWTProvider
 }

 type Deps struct {
-	ApiPrefix         string
-	GinMode           string
-	TokenProv         interfaces.JWTProvider
-	UsersRefreshRoute string
+	ApiPrefix string
+	GinMode   string
+	TokenProv interfaces.JWTProvider
 }

 func NewRouter(deps Deps) interfaces.Router {
@ -50,10 +48,9 @@ func NewRouter(deps Deps) interfaces.Router {
 	}))

 	return &router{
-		apiPrefix:         deps.ApiPrefix,
-		engine:            engine,
-		tokenProv:         deps.TokenProv,
-		usersRefreshRoute: deps.UsersRefreshRoute,
+		apiPrefix: deps.ApiPrefix,
+		engine:    engine,
+		tokenProv: deps.TokenProv,
 	}
 }

@ -69,10 +66,9 @@ func (r *router) Set() *gin.Engine {
 	r.engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))

 	r.engine.Use(authMiddleware(mwDeps{
-		prefix:            r.apiPrefix,
-		excludeRoutes:     &r.excludeRoutes,
-		tokenProv:         r.tokenProv,
-		usersRefreshRoute: r.usersRefreshRoute,
+		prefix:        r.apiPrefix,
+		excludeRoutes: &r.excludeRoutes,
+		tokenProv:     r.tokenProv,
 	}))

 	return r.engine
--- a/internal/router/middleware.go
+++ b/internal/router/middleware.go
@ -10,10 +10,9 @@ import (
 )

 type mwDeps struct {
-	prefix            string
-	excludeRoutes     *map[string]shared.ExcludeRoute
-	tokenProv         interfaces.JWTProvider
-	usersRefreshRoute string
+	prefix        string
+	excludeRoutes *map[string]shared.ExcludeRoute
+	tokenProv     interfaces.JWTProvider
 }

 func authMiddleware(deps mwDeps) gin.HandlerFunc {
@ -24,7 +23,7 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc {
 			return
 		}

-		if c.FullPath() == deps.usersRefreshRoute && c.Request.Method == "POST" {
+		if (c.FullPath() == "/user/auth/refresh" || c.FullPath() == "/user/auth/logout") && c.Request.Method == "POST" {
 			refreshUuid, err := c.Cookie("refresh_uuid")
 			if err != nil {
 				c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: "Refresh token is required"})
@ -48,7 +47,7 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc {
 			return
 		}

-		userUuid, sessionUuid, err := deps.tokenProv.Parse(token)
+		userUuid, err := deps.tokenProv.Parse(token)
 		if err != nil {
 			c.JSON(http.StatusUnauthorized, responses.ErrorResponse401{Error: err.Error()})
 			log.WithField("msg", "error parsing jwt").Error("MW | Authorization")
@ -57,11 +56,9 @@ func authMiddleware(deps mwDeps) gin.HandlerFunc {
 		}

 		c.Set("userUuid", userUuid)
-		c.Set("sessionUuid", sessionUuid)

 		log.WithFields(log.Fields{
-			"userUuid":    userUuid,
-			"sessionUuid": sessionUuid,
+			"userUuid": userUuid,
 		}).Debug("MW | Parsed uuids")

 		if !c.IsAborted() {