# Send the response
return AuthResponse(access_token=access_token, refresh_token=refresh_token)
+
+
+class RefreshRequest(pydantic.BaseModel):
+ refresh_token: str
+
+@app.post("/auth/refresh")
+async def auth_refresh(data: RefreshRequest):
+ try:
+ payload = jwt.decode(data.refresh_token, TOKEN_SECRET, algorithms=[TOKEN_ALGO])
+
+ # Fail if we could not decode the token
+ except jwt.InvalidTokenError as e:
+ print(e)
+ raise fastapi.HTTPException(status_code=401, detail="Invalid refresh token")
+
+ # Extract the principal
+ principal = payload.get("sub")
+ if not principal:
+ raise fastapi.HTTPException(status_code=401, detail="Invalid refresh token")
+
+ # XXX Check if the principal actually still exists
+
+ # Generate the access token
+ access_token = create_token(principal,
+ type="access", expires_after=ACCESS_TOKEN_EXPIRY_TIME)
+
+ # Send the response
+ return AuthResponse(access_token=access_token, refresh_token=data.refresh_token)
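Review bot: The decode at `jwt.decode(data.refresh_token, TOKEN_SECRET, algorithms=[TOKEN_ALGO])` never checks what kind of token was presented, so any token signed with `TOKEN_SECRET` — including the access tokens this very handler mints via `create_token(principal, type="access", ...)` — is accepted as a refresh token, and each newly minted access token can in turn be replayed here before it expires, chaining sessions past the intended `ACCESS_TOKEN_EXPIRY_TIME`. Assuming `create_token` writes its `type` argument into the JWT payload (it is defined outside this hunk, so confirm the claim name), add after the `sub` check: `if payload.get("type") != "refresh": raise fastapi.HTTPException(status_code=401, detail="Invalid refresh token")`. The `# XXX Check if the principal actually still exists` marker should be resolved before this ships, since without it a deleted or disabled account keeps obtaining access tokens until its refresh token expires, and returning `data.refresh_token` unchanged means there is no rotation point at which a stolen refresh token could be invalidated. Separately, `print(e)` writes decode failure details to stdout instead of the application log; prefer a `logging` call at warning level so rejected-token events are captured where detection tooling can see them.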