check user exists when refresh token

2022-08-01 14:44:22 +08:00 · 2022-08-01 14:44:22 +08:00 · 1ea30e03a4
parent ba0eafa065
commit 1ea30e03a4
1 changed files with 19 additions and 0 deletions
--- a/src/webapi/router/router_login.go
+++ b/src/webapi/router/router_login.go
@ -3,6 +3,7 @@ package router
 import (
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"

@ -116,6 +117,24 @@ func refreshPost(c *gin.Context) {
 			return
 		}

+		userid, err := strconv.ParseInt(strings.Split(userIdentity, "-")[0], 10, 64)
+		if err != nil {
+			ginx.NewRender(c, http.StatusUnauthorized).Message("failed to parse user_identity from jwt")
+			return
+		}
+
+		u, err := models.UserGetById(userid)
+		if err != nil {
+			ginx.NewRender(c, http.StatusInternalServerError).Message("failed to query user by id")
+			return
+		}
+
+		if u == nil {
+			// user already deleted
+			ginx.NewRender(c, http.StatusUnauthorized).Message("user already deleted")
+			return
+		}
+
 		// Delete the previous Refresh Token
 		err = deleteAuth(c.Request.Context(), refreshUuid)
 		if err != nil {