add checks if ST is revoked

internal/db/dbModels/supertoken.go

@@ -24,7 +24,6 @@ type SuperTokenEntry struct {
 	ID           uuid.UUID
 	ParentID     string `db:"parent_id"`
 	RootID       string `db:"root_id"`
-	Revoked      bool
 	Token        *supertoken.SuperToken
 	RefreshToken string `db:"refresh_token"`
 	Name         string
@@ -56,7 +55,6 @@ func (ste *SuperTokenEntry) Store(comment string) error {
 		ID:           ste.ID,
 		ParentID:     db.NewNullString(ste.ParentID),
 		RootID:       db.NewNullString(ste.RootID),
-		Revoked:      ste.Revoked,
 		Token:        ste.Token,
 		RefreshToken: db.NewNullString(ste.RefreshToken),
 		Name:         db.NewNullString(ste.Name),
@@ -75,7 +73,6 @@ type superTokenEntryStore struct {
 	ID           uuid.UUID
 	ParentID     sql.NullString `db:"parent_id"`
 	RootID       sql.NullString `db:"root_id"`
-	Revoked      bool
 	Token        *supertoken.SuperToken
 	RefreshToken sql.NullString `db:"refresh_token"`
 	Name         sql.NullString
@@ -85,7 +82,7 @@ type superTokenEntryStore struct {
 }
 
 func (e *superTokenEntryStore) Store() error {
-	stmt, err := db.DB().PrepareNamed(`INSERT INTO SuperTokens (id, parent_id, root_id, revoked, token, refresh_token, name, ip_created, user_id) VALUES(:id, :parent_id, :root_id, :revoked, :token, :refresh_token, :name, :ip_created, (SELECT id FROM Users WHERE iss=:iss AND sub=:sub))`)
+	stmt, err := db.DB().PrepareNamed(`INSERT INTO SuperTokens (id, parent_id, root_id,  token, refresh_token, name, ip_created, user_id) VALUES(:id, :parent_id, :root_id, :token, :refresh_token, :name, :ip_created, (SELECT id FROM Users WHERE iss=:iss AND sub=:sub))`)
 	if err != nil {
 		return err
 	}

internal/endpoints/token/access/accessTokenEndpoint.go

@@ -39,6 +39,19 @@ func HandleAccessTokenEndpoint(ctx *fiber.Ctx) error {
 	}
 	log.Trace("Checked grant type")
 
+	revoked, dbErr := dbUtils.CheckTokenRevoked(req.SuperToken)
+	if dbErr != nil {
+		return model.ErrorToInternalServerErrorResponse(dbErr).Send(ctx)
+	}
+	if revoked {
+		res := &model.Response{
+			Status:   fiber.StatusUnauthorized,
+			Response: model.InvalidTokenError("not a valid token"),
+		}
+		return res.Send(ctx)
+	}
+	log.Trace("Checked token not revoked")
+
 	st, err := supertoken.ParseJWT(req.SuperToken)
 	if err != nil {
 		res := model.Response{

internal/supertoken/superTokenHandler.go

@@ -38,6 +38,18 @@ func HandleSuperTokenFromSuperToken(ctx *fiber.Ctx) *model.Response {
 
 	// GrantType already checked
 
+	revoked, dbErr := dbUtils.CheckTokenRevoked(req.SuperToken)
+	if dbErr != nil {
+		return model.ErrorToInternalServerErrorResponse(dbErr)
+	}
+	if revoked {
+		return &model.Response{
+			Status:   fiber.StatusUnauthorized,
+			Response: model.InvalidTokenError("not a valid token"),
+		}
+	}
+	log.Trace("Checked token not revoked")
+
 	st, err := supertoken.ParseJWT(req.SuperToken)
 	if err != nil {
 		return &model.Response{

internal/utils/dbUtils/dbUtils.go

@@ -12,13 +12,13 @@ import (
 
 func GetRefreshToken(stid uuid.UUID) (string, bool, error) {
 	var rt string
-	err := db.DB().Get(&rt, `SELECT refresh_token FROM SuperTokens WHERE id=? AND revoked=false`, stid)
+	err := db.DB().Get(&rt, `SELECT refresh_token FROM SuperTokens WHERE id=?`, stid)
 	return parseStringResult(rt, err)
 }
 
 func GetRefreshTokenByTokenString(token string) (string, bool, error) {
 	var rt string
-	err := db.DB().Get(&rt, `SELECT refresh_token FROM SuperTokens WHERE token=? AND revoked=false`, token)
+	err := db.DB().Get(&rt, `SELECT refresh_token FROM SuperTokens WHERE token=?`, token)
 	return parseStringResult(rt, err)
 }
 
@@ -72,3 +72,14 @@ FROM   childs
 )`, token)
 	return err
 }
+
+func CheckTokenRevoked(token string) (bool, error) {
+	var count int
+	if err := db.DB().Get(&count, `SELECT COUNT(1) FROM SuperTokens WHERE token=?`, token); err != nil {
+		return true, err
+	}
+	if count == 0 {
+		return true, nil
+	}
+	return false, nil
+}