| 30 | ) |
| 31 | |
| 32 | func authWithToken(db *gorm.DB, r *http.Request, tokenType string) (database.User, database.Token, bool, error) { |
| 33 | var user database.User |
| 34 | var token database.Token |
| 35 | |
| 36 | query := r.URL.Query() |
| 37 | tokenValue := query.Get("token") |
| 38 | if tokenValue == "" { |
| 39 | return user, token, false, nil |
| 40 | } |
| 41 | |
| 42 | err := db.Where("value = ? AND type = ?", tokenValue, tokenType).First(&token).Error |
| 43 | if errors.Is(err, gorm.ErrRecordNotFound) { |
| 44 | return user, token, false, nil |
| 45 | } else if err != nil { |
| 46 | return user, token, false, pkgErrors.Wrap(err, "finding token") |
| 47 | } |
| 48 | |
| 49 | if token.UsedAt != nil && time.Since(*token.UsedAt).Minutes() > 10 { |
| 50 | return user, token, false, nil |
| 51 | } |
| 52 | |
| 53 | if err := db.Where("id = ?", token.UserID).First(&user).Error; err != nil { |
| 54 | return user, token, false, pkgErrors.Wrap(err, "finding user") |
| 55 | } |
| 56 | |
| 57 | return user, token, true, nil |
| 58 | } |
| 59 | |
| 60 | // AuthParams is the params for the authentication middleware |
| 61 | type AuthParams struct { |