/* * Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net> * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation files * (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include #include #include #include #include #include ROUTE_IMPL(RouteRefresh, args) { HashMap *request; HashMap *response = NULL; JsonValue *val; char *refreshToken; char *oldAccessToken; char *newAccessToken; char *deviceId; Db *db = args->matrixArgs->db; LogConfig *lc = args->matrixArgs->lc; DbRef *rtRef; DbRef * oAtRef; DbRef * nAtRef; if (MATRIX_PATH_PARTS(args->path) > 0) { HttpResponseStatus(args->context, HTTP_NOT_FOUND); return MatrixErrorCreate(M_NOT_FOUND); } if (HttpRequestMethodGet(args->context) != HTTP_POST) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); return MatrixErrorCreate(M_UNRECOGNIZED); } request = JsonDecode(HttpStream(args->context)); if (!request) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); return MatrixErrorCreate(M_NOT_JSON); } val = HashMapGet(request, "refresh_token"); if (!val || JsonValueType(val) != JSON_STRING) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); response = MatrixErrorCreate(M_BAD_JSON); goto finish; } refreshToken = JsonValueAsString(val); /* Get the refresh token object */ rtRef = DbLock(db, 3, "tokens", "refresh", refreshToken); if (!rtRef) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); response = MatrixErrorCreate(M_UNKNOWN_TOKEN); goto finish; } /* Get the access token and device the refresh token refreshes */ oldAccessToken = JsonValueAsString(HashMapGet(DbJson(rtRef), "refreshes")); oAtRef = DbLock(db, 3, "tokens", "access", oldAccessToken); if (!oAtRef) { Log(lc, LOG_ERR, "Refresh token '%s' points to an access token that doesn't exist.", refreshToken); Log(lc, LOG_WARNING, "This refresh token will be deleted."); HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR); response = MatrixErrorCreate(M_UNKNOWN); DbUnlock(db, rtRef); DbDelete(db, 3, "tokens", "refresh", refreshToken); goto finish; } /* Get the user associated with the access token and device */ /* Generate a new access token associated with the device and user. */ /* Replace old access token in User */ /* Delete old access token */ /* Update the refresh token to point to the new access token */ /* Return the new access token and expiration timestamp to the client */ response = HashMapCreate(); finish: JsonFree(request); DbUnlock(db, rtRef); return response; }