auto logout
This commit is contained in:
@@ -5,8 +5,10 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"github.com/jmoiron/sqlx"
|
||||
"sismedika.com/sas/westone/configs"
|
||||
"sismedika.com/sas/westone/types"
|
||||
"sismedika.com/sas/westone/utils"
|
||||
@@ -64,7 +66,7 @@ func CreateJWT(data types.DataJWT) (string, error) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"M_UserID": data.M_UserID,
|
||||
"M_UserEmail": data.M_UserEmail,
|
||||
"M_UserUsername": data.M_UserUsername,
|
||||
"M_UserName": data.M_UserName,
|
||||
"M_UserGroupDashboard": data.M_UserGroupDashboard,
|
||||
"M_UserDefaultTSampleStationID": data.M_UserDefaultTSampleStationID,
|
||||
"M_StaffName": data.M_StaffName,
|
||||
@@ -88,7 +90,9 @@ func CreateJWT(data types.DataJWT) (string, error) {
|
||||
func validateJWT(tokenString string) (*jwt.Token, error) {
|
||||
return jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||
err := fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||
fmt.Printf("Error validating JWT token: %v\n", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return []byte(configs.Envs.JWTSecret), nil
|
||||
@@ -98,6 +102,9 @@ func validateJWT(tokenString string) (*jwt.Token, error) {
|
||||
func permissionDenied(w http.ResponseWriter) {
|
||||
utils.WriteError(w, http.StatusForbidden, fmt.Errorf("PERMISSION DENIED"))
|
||||
}
|
||||
func tokenExpired(w http.ResponseWriter) {
|
||||
utils.WriteError(w, http.StatusForbidden, fmt.Errorf("TOKEN EXPIRED"))
|
||||
}
|
||||
|
||||
func GetUserIDFromContext(ctx context.Context) int {
|
||||
userID, ok := ctx.Value(UserContextKey).(int)
|
||||
@@ -132,3 +139,125 @@ func AuthMiddleware(next http.Handler) http.Handler {
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
func WithAuthStore(store types.OauthStore) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := context.WithValue(r.Context(), "auth_store", store)
|
||||
|
||||
//start
|
||||
tokenstr := utils.GetTokenFromRequest(r)
|
||||
token, err := validateJWT(tokenstr)
|
||||
if err != nil {
|
||||
log.Printf("[ERROR] Failed to validate jwt token: %v", err)
|
||||
permissionDenied(w)
|
||||
return
|
||||
}
|
||||
|
||||
if !token.Valid {
|
||||
log.Println("[ERROR] Invalid token")
|
||||
permissionDenied(w)
|
||||
return
|
||||
}
|
||||
|
||||
// claims := token.Claims.(jwt.MapClaims)
|
||||
// userID := int(claims["M_UserID"].(float64))
|
||||
|
||||
// Ambil store dari context
|
||||
// fmt.Printf("store: %v", store)
|
||||
// store, ok := r.Context().Value("auth_store").(types.OauthStore)
|
||||
// if !ok {
|
||||
// log.Println("[ERROR] Auth store not found in context")
|
||||
// permissionDenied(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
// Update expired token
|
||||
if err := store.UpdateExpiredToken(tokenstr); err != nil {
|
||||
if err.Error() == "token expired" {
|
||||
tokenExpired(w)
|
||||
} else {
|
||||
log.Printf("[ERROR] Failed to update token expiry: %v", err)
|
||||
permissionDenied(w)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
//end
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func UpdateExpiredTokentest(userID int, db *sqlx.DB) error {
|
||||
tx, err := db.BeginTxx(context.Background(), nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to begin transaction: %v", err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if err != nil {
|
||||
tx.Rollback()
|
||||
}
|
||||
}()
|
||||
|
||||
qrySys := `SELECT Conf_SystemIsAutoLogOut, Conf_SystemAutoLogOutDuration FROM conf_system LIMIT 1`
|
||||
var isAutoLogOut string
|
||||
var autoLogOutDuration int
|
||||
err = db.QueryRow(qrySys).Scan(&isAutoLogOut, &autoLogOutDuration)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get system config: %v", err)
|
||||
}
|
||||
|
||||
if isAutoLogOut == "Y" {
|
||||
qryEt := `SELECT DATE_FORMAT(M_UserExpiredToken, '%Y-%m-%d %H:%i:%s') as M_UserExpiredToken FROM m_user WHERE M_UserID = ?`
|
||||
|
||||
var expiredToken string
|
||||
err = db.Get(&expiredToken, qryEt, userID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get expired token: %v", err)
|
||||
}
|
||||
|
||||
timeNow := time.Now()
|
||||
expiredTime, err := time.Parse("2006-01-02 15:04:05", expiredToken)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse expired token: %v", err)
|
||||
}
|
||||
|
||||
if timeNow.After(expiredTime) {
|
||||
return fmt.Errorf("token expired")
|
||||
}
|
||||
|
||||
timeNowAdd := timeNow.Add(time.Duration(autoLogOutDuration) * time.Minute)
|
||||
qryUpdateExpiredToken := `UPDATE m_user SET M_UserExpiredToken = ? WHERE M_UserID = ?`
|
||||
_, err = tx.Exec(qryUpdateExpiredToken, timeNowAdd.Format("2006-01-02 15:04:05"), userID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to update expired token: %v", err)
|
||||
}
|
||||
|
||||
qry := `UPDATE m_user SET M_UserExpiredToken = NOW() WHERE M_UserID = :userID`
|
||||
|
||||
_, err = tx.NamedExec(qry, map[string]interface{}{
|
||||
"userID": userID,
|
||||
})
|
||||
fmt.Println("err", err)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to update expired token: %v", err)
|
||||
}
|
||||
|
||||
if err = tx.Commit(); err != nil {
|
||||
return fmt.Errorf("failed to commit transaction: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Middleware untuk menyimpan store ke context
|
||||
func WithStore(store *Store) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := context.WithValue(r.Context(), "store", store)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user