Added soft delete to RefreshTokenEntity to prevent deadlock and 500 errors.

2024-08-20 11:07:41 -05:00 · 2024-08-20 11:07:41 -05:00 · 3d6577fe02
commit 3d6577fe02
parent 0396e8e3b0
5 changed files with 37 additions and 9 deletions
--- a/src/main/java/app/mealsmadeeasy/api/MealsMadeEasyApiApplication.java
+++ b/src/main/java/app/mealsmadeeasy/api/MealsMadeEasyApiApplication.java
@ -2,8 +2,10 @@ package app.mealsmadeeasy.api;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.scheduling.annotation.EnableScheduling;
@SpringBootApplication
@EnableScheduling
 public class MealsMadeEasyApiApplication {
 	public static void main(String[] args) {
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
@ -5,6 +5,7 @@ import app.mealsmadeeasy.api.user.UserEntity;
 import jakarta.transaction.Transactional;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@ -13,6 +14,7 @@ import org.springframework.stereotype.Service;
 import java.time.LocalDateTime;
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
@Service
 public class AuthServiceImpl implements AuthService {
@ -76,17 +78,18 @@ public class AuthServiceImpl implements AuthService {
        final RefreshTokenEntity old = this.refreshTokenRepository.findByToken(refreshToken)
                .orElseThrow(() -> new LoginException(
                        LoginExceptionReason.INVALID_REFRESH_TOKEN,
-                        "No such refresh-token: " + refreshToken
+                        "No such refresh token: " + refreshToken
                ));
-        if (old.isRevoked()) {
+        if (old.isRevoked() || old.isDeleted()) {
-            throw new LoginException(LoginExceptionReason.INVALID_REFRESH_TOKEN, "RefreshToken is revoked.");
+            throw new LoginException(LoginExceptionReason.INVALID_REFRESH_TOKEN, "Invalid refresh token.");
        }
        if (old.getExpires().isBefore(LocalDateTime.now())) {
-            throw new LoginException(LoginExceptionReason.EXPIRED_REFRESH_TOKEN, "RefreshToken is expired.");
+            throw new LoginException(LoginExceptionReason.EXPIRED_REFRESH_TOKEN, "Refresh token is expired.");
        }
        final UserEntity principal = old.getOwner();
-        this.refreshTokenRepository.delete(old);
+        old.setDeleted(true);
        this.refreshTokenRepository.save(old);
        final String username = principal.getUsername();
        return new LoginDetails(
@ -96,4 +99,9 @@ public class AuthServiceImpl implements AuthService {
        );
    }
    @Scheduled(fixedDelay = 60, timeUnit = TimeUnit.SECONDS)
    public void cleanUpDeletedRefreshTokens() {
        this.refreshTokenRepository.deleteAllWhereSoftDeleted();
    }
 }
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshToken.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshToken.java
@ -7,4 +7,5 @@ import java.time.LocalDateTime;
 public interface RefreshToken extends AuthToken {
    LocalDateTime getIssued();
    boolean isRevoked();
    boolean isDeleted();
 }
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenEntity.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenEntity.java
@ -30,6 +30,9 @@ public class RefreshTokenEntity implements RefreshToken {
    @ManyToOne
    private UserEntity owner;
    @Column(nullable = false)
    private Boolean deleted = false;
    public Long getId() {
        return this.id;
    }
@ -70,7 +73,7 @@ public class RefreshTokenEntity implements RefreshToken {
        return this.revoked;
    }
-    public void setRevoked(Boolean revoked) {
+    public void setRevoked(boolean revoked) {
        this.revoked = revoked;
    }
@ -82,6 +85,15 @@ public class RefreshTokenEntity implements RefreshToken {
        this.owner = owner;
    }
    @Override
    public boolean isDeleted() {
        return this.deleted;
    }
    public void setDeleted(boolean deleted) {
        this.deleted = deleted;
    }
    @Override
    public long getLifetime() {
        return ChronoUnit.SECONDS.between(this.issued, this.expiration);
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenRepository.java
@ -1,14 +1,19 @@
 package app.mealsmadeeasy.api.auth;
-import jakarta.persistence.LockModeType;
+import jakarta.transaction.Transactional;
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Lock;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import java.util.Optional;
 public interface RefreshTokenRepository extends JpaRepository<RefreshTokenEntity, Long> {
    @Lock(LockModeType.PESSIMISTIC_READ)
    Optional<RefreshTokenEntity> findByToken(String token);
    @Modifying
    @Transactional
    @Query("DELETE FROM RefreshToken t WHERE t.deleted = true")
    void deleteAllWhereSoftDeleted();
 }