public async Task <RenewTokenModel> Handle(RenewAccountSessionCommand request, CancellationToken cancellationToken)
{
var accIdFromContext = _httpContextService.GetAccountIdFromContext();
if (accIdFromContext != request.AccountId)
{
throw new RenewAccountSessionException(request.AccountId, "operation not allowed");
}
var session = _repo.AccountSessions.SingleOrDefault(s => s.AccountId == request.AccountId);
if (session == null)
{
throw new RenewAccountSessionException(request.AccountId, "session not found");
}
if (session.RenewToken != request.RenewToken)
{
throw new RenewAccountSessionException(request.AccountId, $"renew token not equal current:{session.RenewToken} requested:{request.RenewToken}");
}
if (session.RenewExpired < DateTime.Now)
{
_repo.Remove(session);
await _repo.SaveChangesAsync(cancellationToken);
throw new RenewAccountSessionException(request.AccountId, $"renew token expired");
}
session.RenewExpired = DateTime.Now.AddSeconds(_authConfig.renewExpiredInSec);
session.SessionExpired = DateTime.Now.AddSeconds(_authConfig.sessionExpiredInSec);
session.RenewToken = _token.IssueToken();
var acc = await _repo.Accounts.SingleAsync(x => x.Id == accIdFromContext, cancellationToken);
_repo.AccountSessions.Update(session);
await _repo.SaveChangesAsync(cancellationToken);
await _mediator.Publish(new RenewAccountSessionSuccessDomainEvent(request.AccountId, session.IssuedOn, session.RenewToken, session.SessionExpired, acc.Role), cancellationToken);
return(RenewTokenModel.Create(session));
}
