セッションIDが振られていたら, ALREADY_SIGNED_IN を返す
harsssh committed Aug 26, 2024
1 parent 6f1a7cd commit 0a5603b
Showing 1 changed file with 41 additions and 3 deletions.
44 changes: 41 additions & 3 deletions backend/app/handler/auth/handler.go
Expand Up @@ -4,6 +4,7 @@ import (
"connectrpc.com/connect"
"context"
"errors"
"github.com/google/uuid"
"net/http"
authv1 "sudoku/gen/sudoku/auth/v1"
authS "sudoku/service/auth"
Expand All @@ -29,6 +30,39 @@ func convertProvider(provider authv1.OAuthProvider) (authS.OAuthProvider, error)
}

func (h *Handler) SignIn(ctx context.Context, req *connect.Request[authv1.SignInRequest]) (*connect.Response[authv1.SignInResponse], error) {
var cookies []*http.Cookie

sessionCookie := req.Header().Get(SessionCookieName)
if sessionCookie != "" {
// 無効なセッションクッキーを削除させる用
c := http.Cookie{
Name: SessionCookieName,
MaxAge: -1,
}

sessionID, err := uuid.Parse(sessionCookie)
if err != nil {
// サインイン処理は継続
cookies = append(cookies, &c)
} else {
output, err := h.authService.ValidateSession(authS.ValidateSessionInput{
SessionID: sessionID,
})
if err != nil {
return nil, connect.NewError(connect.CodeInternal, err)
}

if output.IsValid {
return connect.NewResponse(&authv1.SignInResponse{
Status: authv1.SignInStatus_SIGN_IN_STATUS_ALREADY_SIGNED_IN,
}), nil
}

// サインイン処理は継続
cookies = append(cookies, &c)
}
}

provider, err := convertProvider(req.Msg.Provider)
if err != nil {
return nil, connect.NewError(connect.CodeInvalidArgument, err)
Expand All @@ -42,18 +76,22 @@ func (h *Handler) SignIn(ctx context.Context, req *connect.Request[authv1.SignIn

res := connect.NewResponse(&authv1.SignInResponse{
AuthorizationUrl: output.AuthorizationURL,
Status: authv1.SignInStatus_SIGN_IN_STATUS_REQUIRES_SIGNING_IN,
})

// Cookie として返していいのか?
// TODO: セキュリティを考慮して属性を追加
// Secure を付けたいが, 開発環境で cookie が送られなくて困りそう
// SameSite: strict だとコールバックに cookie が送られなさそう
cookie := http.Cookie{
cookies = append(cookies, &http.Cookie{
Name: "state_jwt",
Value: output.StateJWT,
HttpOnly: true,
})

for _, cookie := range cookies {
res.Header().Set("Set-Cookie", cookie.String())
}
// Cookie として返していいのか?
res.Header().Set("Set-Cookie", cookie.String())

return res, nil
}
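Review bot: In the new loop at the end of SignIn, `res.Header().Set("Set-Cookie", cookie.String())` replaces the header on every iteration, so when `cookies` holds both the session-clearing cookie and `state_jwt`, only the last one reaches the client and the invalid session cookie is never cleared; it should be `res.Header().Add("Set-Cookie", cookie.String())`. At the top of the function, `req.Header().Get(SessionCookieName)` looks up a request header named after the cookie rather than a value inside the `Cookie` header, so unless something outside this diff copies it there (the middle of SignIn is not shown), the ALREADY_SIGNED_IN branch will not see a browser's session cookie; `(&http.Request{Header: req.Header()}).Cookie(SessionCookieName)` parses the standard header instead. The clearing cookie sets no `Path`, so it only removes the original if that was issued with the same path and domain, which is worth confirming against the code that sets it. On the TODO for `state_jwt`: `SameSite: http.SameSiteLaxMode` is still sent on the top-level GET redirect back from the provider, and `Secure` can be driven by configuration so that plain-HTTP development keeps working.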