diff --git a/app/http/middleware/authenticatetoken.go b/app/http/middleware/authenticatetoken.go
index 8c12ef7..8438850 100644
--- a/app/http/middleware/authenticatetoken.go
+++ b/app/http/middleware/authenticatetoken.go
@@ -3,6 +3,7 @@ package middleware
 import (
 	"fmt"
 	"github.com/TicketsBot/GoPanel/config"
+	"github.com/TicketsBot/GoPanel/utils"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	"strconv"
@@ -20,38 +21,26 @@ func AuthenticateToken(ctx *gin.Context) {
 	})
 
 	if err != nil {
-		ctx.AbortWithStatusJSON(403, gin.H{
-			"success": false,
-			"error": err.Error(),
-		})
+		ctx.AbortWithStatusJSON(401, utils.ErrorJson(err))
 		return
 	}
 
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
 		userId, hasUserId := claims["userid"]
 		if !hasUserId {
-			ctx.AbortWithStatusJSON(403, gin.H{
-				"success": false,
-				"error": "Token is invalid",
-			})
+			ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 			return
 		}
 
 		parsedId, err := strconv.ParseUint(userId.(string), 10, 64)
 		if err != nil {
-			ctx.AbortWithStatusJSON(403, gin.H{
-				"success": false,
-				"error": "Token is invalid",
-			})
+			ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 			return
 		}
 
 		ctx.Keys["userid"] = parsedId
 	} else {
-		ctx.AbortWithStatusJSON(403, gin.H{
-			"success": false,
-			"error": "Token is invalid",
-		})
+		ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 		return
 	}
 }
diff --git a/app/http/server.go b/app/http/server.go
index 6208528..3ee9bc4 100644
--- a/app/http/server.go
+++ b/app/http/server.go
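Review bot: `userId.(string)` in the second hunk is an unchecked type assertion on a claim taken straight from the token; a `userid` claim that is a JSON number (MapClaims decodes it as float64) panics instead of producing the 401 the surrounding branches now return, so use the two-value form and route the failure through the same `utils.ErrorStr("Token is invalid")` path. The parse-failure 401 also echoes the library's error text via `utils.ErrorJson(err)` (why the signature or expiry check failed), which the old `err.Error()` body did too; a generic message is the usual choice for an auth middleware. AuthenticateToken's opening, including the key callback passed to jwt.Parse, is above the hunk, so whether the signing method is checked there cannot be confirmed from this view.

```go
		userId, hasUserId := claims["userid"]
		// … unchanged: !hasUserId branch …
		userIdStr, ok := userId.(string)
		if !ok {
			ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
			return
		}
		parsedId, err := strconv.ParseUint(userIdStr, 10, 64)
```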
@@ -60,7 +60,7 @@ func StartServer() {
 
 	authorized := router.Group("/", middleware.AuthenticateCookie)
 	{
-		authorized.POST("/token", middleware.VerifyXTicketsHeader, api.TokenHandler)
+		authorized.POST("/token", createLimiter(2, 10 * time.Second), middleware.VerifyXTicketsHeader, api.TokenHandler)
 
 		authenticateGuildAdmin := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Admin))
 		authenticateGuildSupport := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Support))
diff --git a/public/static/js/auth.js b/public/static/js/auth.js
index f70292f..248c4b8 100644
--- a/public/static/js/auth.js
+++ b/public/static/js/auth.js
@@ -1,5 +1,7 @@
+const _tokenKey = 'token';
+
 async function getToken() {
-    let token = window.localStorage.getItem('token');
+    let token = window.localStorage.getItem(_tokenKey);
     if (token == null) {
         let res = await axios.post('/token', undefined, {
             withCredentials: true,
@@ -15,7 +17,7 @@ async function getToken() {
         }
 
         token = res.data.token;
-        localStorage.setItem('token', token);
+        localStorage.setItem(_tokenKey, token);
     }
 
     return token;
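Review bot: What `createLimiter(2, 10 * time.Second)` keys on is not visible from this hunk (it is defined elsewhere in server.go), so confirm the bucket is per authenticated cookie user rather than per `ctx.ClientIP()`: a per-IP key is spoofable through X-Forwarded-For unless gin's trusted-proxy list is configured, and it also throttles everyone behind a shared NAT together. The limiter also sits before `middleware.VerifyXTicketsHeader`, so requests missing the header still consume budget; `authorized.POST("/token", middleware.VerifyXTicketsHeader, createLimiter(2, 10*time.Second), api.TokenHandler)` keeps the cheap header check first. gofmt would write the duration as `10*time.Second`. StartServer continues outside the hunk.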
@@ -26,10 +28,27 @@ function clearLocalStorage() {
 }
 
 async function setDefaultHeader() {
-    const token = await getToken();
-    axios.defaults.headers.common['Authorization'] = token;
-    axios.defaults.headers.common['x-tickets'] = 'true'; // abritrary header name and value
+    axios.defaults.headers.common['Authorization'] = await getToken();
+    axios.defaults.headers.common['x-tickets'] = 'true'; // arbitrary header name and value
     axios.defaults.validateStatus = false;
 }
 
-setDefaultHeader();
\ No newline at end of file
+async function _refreshToken() {
+    window.localStorage.removeItem(_tokenKey);
+    await getToken();
+}
+
+function addRefreshInterceptor() {
+    axios.interceptors.response.use(async (res) => { // we set validateStatus to false
+        if (res.status === 401) {
+            await _refreshToken();
+        }
+    }, async (err) => {
+        if (err.response.status === 401) {
+            await _refreshToken();
+        }
+    });
+}
+
+setDefaultHeader();
+addRefreshInterceptor();
\ No newline at end of file
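Review bot: The fulfilled handler in `addRefreshInterceptor` never returns `res`, and because `validateStatus` is false every response — not only 401s — goes through it, so after this change each `axios` call in the panel resolves to `undefined` instead of the response; it needs `return res;` at the end. On a 401 the refresh is also ineffective: `_refreshToken` writes the new token to localStorage but `axios.defaults.headers.common['Authorization']` keeps the stale one and the failed request is not retried, so the next call 401s again and every 401 costs one POST to /token, which the server side now limits to 2 per 10 s. The rejection handler reads `err.response.status`, but with `validateStatus` false a rejection is a network error or timeout with no `response`, so that line throws a TypeError and the original error is swallowed either way. The /token request itself must be excluded and the retry bounded, or an expired cookie produces an endless 401 → refresh → 401 loop.

```javascript
async function _refreshToken() {
    window.localStorage.removeItem(_tokenKey);
    const token = await getToken();
    axios.defaults.headers.common['Authorization'] = token;
    return token;
}

function addRefreshInterceptor() {
    axios.interceptors.response.use(async (res) => { // we set validateStatus to false
        const cfg = res.config || {};
        if (res.status === 401 && cfg.url !== '/token' && !cfg._retried) {
            cfg._retried = true; // one retry per request, never for /token itself
            cfg.headers = { ...cfg.headers, 'Authorization': await _refreshToken() };
            return axios(cfg);
        }
        return res;
    }, (err) => {
        // validateStatus=false means rejections are network errors with no response; do not swallow them
        return Promise.reject(err);
    });
}
```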