Merge pull request #29 from EringiShimeji/auth/check-already-signed-in

ログイン済みの場合は認可エンドポイントのURLを発行しない
smatsuodev · Aug 26, 2024 · eb454eb · eb454eb
2 parents 83fed89 + 096535e
commit eb454eb
Show file tree

Hide file tree

Showing 11 changed files with 268 additions and 56 deletions.
diff --git a/backend/app/gen/sudoku/auth/v1/auth.pb.go b/backend/app/gen/sudoku/auth/v1/auth.pb.go
diff --git a/backend/app/handler/auth/handler.go b/backend/app/handler/auth/handler.go
@@ -4,6 +4,7 @@ import (
 	"connectrpc.com/connect"
 	"context"
 	"errors"
+	"github.com/google/uuid"
 	"net/http"
 	authv1 "sudoku/gen/sudoku/auth/v1"
 	authS "sudoku/service/auth"
@@ -29,6 +30,39 @@ func convertProvider(provider authv1.OAuthProvider) (authS.OAuthProvider, error)
 }
 
 func (h *Handler) SignIn(ctx context.Context, req *connect.Request[authv1.SignInRequest]) (*connect.Response[authv1.SignInResponse], error) {
+	var cookies []*http.Cookie
+
+	sessionCookie := req.Header().Get(SessionCookieName)
+	if sessionCookie != "" {
+		// 無効なセッションクッキーを削除させる用
+		c := http.Cookie{
+			Name:   SessionCookieName,
+			MaxAge: -1,
+		}
+
+		sessionID, err := uuid.Parse(sessionCookie)
+		if err != nil {
+			// サインイン処理は継続
+			cookies = append(cookies, &c)
+		} else {
+			output, err := h.authService.ValidateSession(authS.ValidateSessionInput{
+				SessionID: sessionID,
+			})
+			if err != nil {
+				return nil, connect.NewError(connect.CodeInternal, err)
+			}
+
+			if output.IsValid {
+				return connect.NewResponse(&authv1.SignInResponse{
+					Status: authv1.SignInStatus_SIGN_IN_STATUS_ALREADY_SIGNED_IN,
+				}), nil
+			}
+
+			// サインイン処理は継続
+			cookies = append(cookies, &c)
+		}
+	}
+
 	provider, err := convertProvider(req.Msg.Provider)
 	if err != nil {
 		return nil, connect.NewError(connect.CodeInvalidArgument, err)
@@ -42,18 +76,22 @@ func (h *Handler) SignIn(ctx context.Context, req *connect.Request[authv1.SignIn
 
 	res := connect.NewResponse(&authv1.SignInResponse{
 		AuthorizationUrl: output.AuthorizationURL,
+		Status:           authv1.SignInStatus_SIGN_IN_STATUS_REQUIRES_SIGNING_IN,
 	})
 
+	// Cookie として返していいのか?
 	// TODO: セキュリティを考慮して属性を追加
 	// Secure を付けたいが, 開発環境で cookie が送られなくて困りそう
 	// SameSite: strict だとコールバックに cookie が送られなさそう
-	cookie := http.Cookie{
+	cookies = append(cookies, &http.Cookie{
 		Name:     "state_jwt",
 		Value:    output.StateJWT,
 		HttpOnly: true,
+	})
+
+	for _, cookie := range cookies {
+		res.Header().Set("Set-Cookie", cookie.String())
 	}
-	// Cookie として返していいのか?
-	res.Header().Set("Set-Cookie", cookie.String())
 
 	return res, nil
 }

diff --git a/backend/app/model/session.go b/backend/app/model/session.go
@@ -12,6 +12,14 @@ type Session struct {
 	expiresAt time.Time
 }
 
+func NewSessionWithoutID(userID uint, expiresAt time.Time) *Session {
+	return &Session{userID: userID, expiresAt: expiresAt}
+}
+
+func NewSession(id uuid.UUID, userID uint, expiresAt time.Time) *Session {
+	return &Session{id: mo.Some(id), userID: userID, expiresAt: expiresAt}
+}
+
 func (s *Session) IsIDPresent() bool {
 	return s.id.IsPresent()
 }
@@ -36,10 +44,6 @@ func (s *Session) ExpiresAt() time.Time {
 	return s.expiresAt
 }
 
-func NewSessionWithoutID(userID uint, expiresAt time.Time) *Session {
-	return &Session{userID: userID, expiresAt: expiresAt}
-}
-
-func NewSession(id uuid.UUID, userID uint, expiresAt time.Time) *Session {
-	return &Session{id: mo.Some(id), userID: userID, expiresAt: expiresAt}
+func (s *Session) IsExpired() bool {
+	return time.Now().After(s.expiresAt)
 }
diff --git a/backend/app/service/auth/dto.go b/backend/app/service/auth/dto.go
@@ -1,5 +1,7 @@
 package auth
 
+import "github.com/google/uuid"
+
 type OAuthProvider string
 
 const (
@@ -30,3 +32,11 @@ type OAuthCallbackInput struct {
 type OAuthCallbackOutput struct {
 	SessionID string
 }
+
+type ValidateSessionInput struct {
+	SessionID uuid.UUID
+}
+
+type ValidateSessionOutput struct {
+	IsValid bool
+}
diff --git a/backend/app/service/auth/interface.go b/backend/app/service/auth/interface.go
@@ -5,6 +5,7 @@ type IAuthService interface {
 	SignIn(SignInInput) (SignInOutput, error)
 	SignOut(SignOutInput) (SignOutOutput, error)
 	OAuthCallback(OAuthCallbackInput) (OAuthCallbackOutput, error)
+	ValidateSession(ValidateSessionInput) (ValidateSessionOutput, error)
 }
 
 type OAuthClient interface {

diff --git a/backend/app/service/auth/mock_service.go b/backend/app/service/auth/mock_service.go
diff --git a/backend/app/service/auth/service.go b/backend/app/service/auth/service.go
@@ -184,3 +184,21 @@ func (s *Service) parseJWT(token string) (*StateClaims, error) {
 
 	return claims, nil
 }
+
+func (s *Service) ValidateSession(input ValidateSessionInput) (ValidateSessionOutput, error) {
+	maybeSession, err := s.sessionRepo.FindByID(input.SessionID)
+	if err != nil {
+		return ValidateSessionOutput{}, err
+	}
+
+	if maybeSession.IsAbsent() {
+		return ValidateSessionOutput{IsValid: false}, nil
+	}
+	session := maybeSession.MustGet()
+
+	if session.IsExpired() {
+		return ValidateSessionOutput{IsValid: false}, nil
+	}
+
+	return ValidateSessionOutput{IsValid: true}, nil
+}