(w http.ResponseWriter, r *http.Request)
| 493 | } |
| 494 | |
| 495 | func (h *RefreshHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
| 496 | if !h.keychain.Guard(w, r) { // API |
| 497 | return |
| 498 | } |
| 499 | |
| 500 | sessionID := r.Header.Get("Wave-Session-ID") |
| 501 | session, ok := h.auth.get(sessionID) |
| 502 | |
| 503 | if !ok { |
| 504 | echo(Log{"t": "refresh_session", "error": "session unavailable"}) |
| 505 | http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) |
| 506 | return |
| 507 | } |
| 508 | |
| 509 | token, err := h.auth.ensureValidOAuth2Token(r.Context(), session.token) |
| 510 | if err != nil { |
| 511 | // Purge session and reload clients if refresh not successful? |
| 512 | echo(Log{"t": "refresh_session", "error": err.Error()}) |
| 513 | http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) |
| 514 | return |
| 515 | } |
| 516 | |
| 517 | session.token = token |
| 518 | h.auth.set(session) |
| 519 | |
| 520 | w.Header().Set("Wave-Access-Token", token.AccessToken) |
| 521 | w.Header().Set("Wave-Refresh-Token", token.RefreshToken) |
| 522 | w.WriteHeader(http.StatusOK) |
| 523 | } |
nothing calls this directly
no test coverage detected