Objective:
Modify the Admin handler so that, in addition to checking whether an administrator exists, it also validates whether the user has an active session before redirecting.
Location:
web/admin/api/handler/admin.go
Current Behavior:
- The `/admin` endpoint checks whether an administrator exists in the system using `ExistsAdmin`.
- If it exists, it redirects to `/v1/admin/sign-in`.
- If it does not exist, it redirects to `/v1/admin/sign-up`.
- If an error occurs, it renders an error page.
Currently, it does not validate whether the user already has an active session.
New Expected Behavior:
When a user accesses `/admin`, the flow must be as follows:
- Validate active session:
  - Read the `accessToken` from the cookie.
  - Attempt to validate it.
- If the access token is valid:
  - Redirect to `/v1/admin/home`.
- If the access token is expired (for example, an error of type `domain.ErrTokenExpired`):
  - Attempt to refresh the session using the `refresh_token`.
  - If the refresh is successful:
    - Set new cookies.
    - Redirect to `/v1/admin/home`.
  - If the refresh fails:
    - Redirect to `/v1/admin/sign-in`.
- If no token exists or it is invalid:
  - Continue with the normal flow:
    - If admin exists → `/v1/admin/sign-in`
    - If admin does not exist → `/v1/admin/sign-up`
Architecture Considerations:
- Token validation must not be directly coupled to the handler.
- The existing `TokenSrv` or `CookieSrv` must be used.
Expected Result:
- The `/admin` endpoint must behave as an intelligent entry point:
  - If the user already has an active session, redirect to home.
  - If the user does not have a session, redirect to login or registration as appropriate.
  - If the access token is expired but the refresh token is valid, the session must be automatically renewed.
Notes:
- Questions or better solutions should be discussed in the issue comments.
Similar Examples:
web/shared/api/middlewares/authenticate.go
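
The flow above written as a Go handler; this is an added example, not the project's code. `Session`, its function fields, `AdminEntry`, the local `ErrTokenExpired`, the redirect status and the cookie attributes are assumptions, since the issue does not show the signatures of `TokenSrv`, `CookieSrv` or `ExistsAdmin`.

```go
package main

import (
	"errors"
	"net/http"
)

var ErrTokenExpired = errors.New("token expired") // stand-in for domain.ErrTokenExpired

// Session is a hypothetical seam over TokenSrv, CookieSrv and ExistsAdmin.
type Session struct {
	Validate    func(access string) error
	Refresh     func(refresh string) (newAccess, newRefresh string, err error)
	ExistsAdmin func() (bool, error)
}

// AdminEntry returns the /admin handler following the flow in the issue.
func AdminEntry(s Session) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		dest := "" // empty means: no usable token, fall back to the normal flow
		if c, err := r.Cookie("accessToken"); err == nil {
			switch verr := s.Validate(c.Value); {
			case verr == nil:
				dest = "/v1/admin/home"
			case errors.Is(verr, ErrTokenExpired): // only expiry triggers a refresh
				dest = "/v1/admin/sign-in" // kept if the refresh fails
				if rc, err := r.Cookie("refresh_token"); err == nil {
					if a, n, err := s.Refresh(rc.Value); err == nil {
						for k, v := range map[string]string{"accessToken": a, "refresh_token": n} {
							http.SetCookie(w, &http.Cookie{Name: k, Value: v, Path: "/", HttpOnly: true, Secure: true})
						}
						dest = "/v1/admin/home"
					}
				}
			}
		}
		if dest == "" {
			exists, err := s.ExistsAdmin()
			if err != nil {
				http.Error(w, "internal error", http.StatusInternalServerError)
				return
			}
			dest = "/v1/admin/sign-up"
			if exists {
				dest = "/v1/admin/sign-in"
			}
		}
		http.Redirect(w, r, dest, http.StatusFound)
	}
}
```

A token that fails validation for any reason other than expiry never reaches `Refresh`, so a tampered access token cannot be exchanged for a fresh session.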