Refresh token on 401

app/http/middleware/authenticatetoken.go

@@ -3,6 +3,7 @@ package middleware
 import (
 	"fmt"
 	"github.com/TicketsBot/GoPanel/config"
+	"github.com/TicketsBot/GoPanel/utils"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	"strconv"
@@ -20,38 +21,26 @@ func AuthenticateToken(ctx *gin.Context) {
 	})
 
 	if err != nil {
-		ctx.AbortWithStatusJSON(403, gin.H{
-			"success": false,
-			"error": err.Error(),
-		})
+		ctx.AbortWithStatusJSON(401, utils.ErrorJson(err))
 		return
 	}
 
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
 		userId, hasUserId := claims["userid"]
 		if !hasUserId {
-			ctx.AbortWithStatusJSON(403, gin.H{
-				"success": false,
-				"error": "Token is invalid",
-			})
+			ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 			return
 		}
 
 		parsedId, err := strconv.ParseUint(userId.(string), 10, 64)
 		if err != nil {
-			ctx.AbortWithStatusJSON(403, gin.H{
-				"success": false,
-				"error": "Token is invalid",
-			})
+			ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 			return
 		}
 
 		ctx.Keys["userid"] = parsedId
 	} else {
-		ctx.AbortWithStatusJSON(403, gin.H{
-			"success": false,
-			"error": "Token is invalid",
-		})
+		ctx.AbortWithStatusJSON(401, utils.ErrorStr("Token is invalid"))
 		return
 	}
 }

app/http/server.go

@@ -60,7 +60,7 @@ func StartServer() {
 
 	authorized := router.Group("/", middleware.AuthenticateCookie)
 	{
-		authorized.POST("/token", middleware.VerifyXTicketsHeader, api.TokenHandler)
+		authorized.POST("/token", createLimiter(2, 10 * time.Second), middleware.VerifyXTicketsHeader, api.TokenHandler)
 
 		authenticateGuildAdmin := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Admin))
 		authenticateGuildSupport := authorized.Group("/", middleware.AuthenticateGuild(false, permission.Support))

public/static/js/auth.js

@@ -1,5 +1,7 @@
+const _tokenKey = 'token';
+
 async function getToken() {
-    let token = window.localStorage.getItem('token');
+    let token = window.localStorage.getItem(_tokenKey);
     if (token == null) {
         let res = await axios.post('/token', undefined, {
             withCredentials: true,
@@ -15,7 +17,7 @@ async function getToken() {
         }
 
         token = res.data.token;
-        localStorage.setItem('token', token);
+        localStorage.setItem(_tokenKey, token);
     }
 
     return token;
@@ -26,10 +28,27 @@ function clearLocalStorage() {
 }
 
 async function setDefaultHeader() {
-    const token = await getToken();
-    axios.defaults.headers.common['Authorization'] = token;
-    axios.defaults.headers.common['x-tickets'] = 'true'; // abritrary header name and value
+    axios.defaults.headers.common['Authorization'] = await getToken();
+    axios.defaults.headers.common['x-tickets'] = 'true'; // arbitrary header name and value
     axios.defaults.validateStatus = false;
 }
 
-setDefaultHeader();
+async function _refreshToken() {
+    window.localStorage.removeItem(_tokenKey);
+    await getToken();
+}
+
+function addRefreshInterceptor() {
+    axios.interceptors.response.use(async (res) => { // we set validateStatus to false
+        if (res.status === 401) {
+            await _refreshToken();
+        }
+    }, async (err) => {
+        if (err.response.status === 401) {
+            await _refreshToken();
+        }
+    });
+}
+
+setDefaultHeader();
+addRefreshInterceptor();