mirror of
https://github.com/lordmathis/lemma.git
synced 2025-11-06 07:54:22 +00:00
92 lines
2.2 KiB
Go
92 lines
2.2 KiB
Go
// Package auth provides JWT token generation and validation
|
|
package auth
|
|
|
|
import (
|
|
"net/http"
|
|
)
|
|
|
|
// CookieManager interface defines methods for generating cookies
|
|
type CookieManager interface {
|
|
GenerateAccessTokenCookie(token string) *http.Cookie
|
|
GenerateRefreshTokenCookie(token string) *http.Cookie
|
|
GenerateCSRFCookie(token string) *http.Cookie
|
|
InvalidateCookie(cookieType string) *http.Cookie
|
|
}
|
|
|
|
// CookieService
|
|
type cookieManager struct {
|
|
Domain string
|
|
Secure bool
|
|
SameSite http.SameSite
|
|
}
|
|
|
|
// NewCookieService creates a new cookie service
|
|
func NewCookieService(isDevelopment bool, domain string) CookieManager {
|
|
secure := !isDevelopment
|
|
var sameSite http.SameSite
|
|
|
|
if isDevelopment {
|
|
sameSite = http.SameSiteLaxMode
|
|
} else {
|
|
sameSite = http.SameSiteStrictMode
|
|
}
|
|
|
|
return &cookieManager{
|
|
Domain: domain,
|
|
Secure: secure,
|
|
SameSite: sameSite,
|
|
}
|
|
}
|
|
|
|
// GenerateAccessTokenCookie creates a new cookie for the access token
|
|
func (c *cookieManager) GenerateAccessTokenCookie(token string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: "access_token",
|
|
Value: token,
|
|
HttpOnly: true,
|
|
Secure: c.Secure,
|
|
SameSite: c.SameSite,
|
|
Path: "/",
|
|
MaxAge: 900, // 15 minutes
|
|
}
|
|
}
|
|
|
|
// GenerateRefreshTokenCookie creates a new cookie for the refresh token
|
|
func (c *cookieManager) GenerateRefreshTokenCookie(token string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: "refresh_token",
|
|
Value: token,
|
|
HttpOnly: true,
|
|
Secure: c.Secure,
|
|
SameSite: c.SameSite,
|
|
Path: "/",
|
|
MaxAge: 604800, // 7 days
|
|
}
|
|
}
|
|
|
|
// GenerateCSRFCookie creates a new cookie for the CSRF token
|
|
func (c *cookieManager) GenerateCSRFCookie(token string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: "csrf_token",
|
|
Value: token,
|
|
HttpOnly: false, // Frontend needs to read this
|
|
Secure: c.Secure,
|
|
SameSite: c.SameSite,
|
|
Path: "/",
|
|
MaxAge: 900,
|
|
}
|
|
}
|
|
|
|
// InvalidateCookie creates a new cookie with a MaxAge of -1 to invalidate the cookie
|
|
func (c *cookieManager) InvalidateCookie(cookieType string) *http.Cookie {
|
|
return &http.Cookie{
|
|
Name: cookieType,
|
|
Value: "",
|
|
Path: "/",
|
|
MaxAge: -1,
|
|
HttpOnly: true,
|
|
Secure: c.Secure,
|
|
SameSite: c.SameSite,
|
|
}
|
|
}
|