small helper file updates

uuid was added
minor changes to requests and responses
2024-04-21 10:29:46 -07:00 · 2024-04-21 10:29:24 -07:00 · 2024-04-21 10:29:17 -07:00 · 2024-04-21 10:28:50 -07:00 · 2024-04-21 10:28:21 -07:00 · 2024-04-21 10:27:56 -07:00
15 changed files with 157 additions and 104 deletions
--- a/6
+++ b/6
@ -1,5 +1,7 @@
 # Brings the database up to the current migration
 migrate-up:
-    GOOSE_DRIVER=sqlite3 GOOSE_DBSTRING=./gocook.db goose -dir ./api/migrations up
+    GOOSE_DRIVER=sqlite3 GOOSE_DBSTRING=./cmd/gocook.db goose -dir ./internal/migrations up
 # Rolls back one migration at a time
 migrate-down:
-    GOOSE_DRIVER=sqlite3 GOOSE_DBSTRING=./gocook.db goose -dir ./api/migrations down
+    GOOSE_DRIVER=sqlite3 GOOSE_DBSTRING=./cmd/gocook.db goose -dir ./internal/migrations down
--- a/go.mod
+++ b/go.mod
@ -7,6 +7,7 @@ require (
 	github.com/glebarez/go-sqlite v1.22.0
 	github.com/go-playground/validator v9.31.0+incompatible
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/uuid v1.6.0
 	github.com/huandu/go-sqlbuilder v1.25.0
 	github.com/joho/godotenv v1.5.1
 	github.com/labstack/echo-jwt/v4 v4.2.0
@ -22,7 +23,6 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/labstack/gommon v0.4.2 // indirect
--- a/internal/domain/entities.go
+++ b/internal/domain/entities.go
@ -3,7 +3,7 @@ package domain
 import "time"
 type UserEntity struct {
-	Id          int
+	Id          int64
 	CreatedAt   time.Time
 	LastUpdated time.Time
 	Name        string
@ -12,16 +12,15 @@ type UserEntity struct {
 }
 type RefreshTokenEntity struct {
-	Id          int
+	Id          int64
-	Username      string
+	Username    string
 	Token       string
 	ExpiresAt   time.Time
 	CreatedAt   time.Time
 	LastUpdated time.Time
 }
 type RecipeEntity struct {
-	Id          int32
+	Id          int64
 	CreatedAt   time.Time
 	LastUpdated time.Time
 	Title       string
--- a/internal/domain/requests.go
+++ b/internal/domain/requests.go
@ -12,5 +12,5 @@ type UpdateScopesRequest struct {
 type RefreshTokenRequest struct {
 	Username     string `json:"username"`
 	RefreshToken string `json:"refreshToken"`
-	ExpiresAt    string `json:"expiresAt"`
+	//ExpiresAt    time.Time `json:"expiresAt"`
 }
--- a/internal/domain/responses.go
+++ b/internal/domain/responses.go
@ -1,19 +1,30 @@
 package domain
 type LoginResponse struct {
-	Success bool   `json:"success"`
+	BaseResponse
-	Token   string `json:"token"`
+	Token        string `json:"token"`
-	Type    string `json:"type"`
+	Type         string `json:"type"`
 	RefreshToken string `json:"refreshToken"`
 }
 // This /
 // /auth/refreshToken
 type TokenRefreshResponse struct {
 	ErrorResponse
 }
 type BaseResponse struct {
 	Success bool   `json:"success"`
 	Message string `json:"message"`
 }
 type ErrorResponse struct {
 	Success bool   `json:"success"`
 	Message string `json:"message"`
 }
 type HelloWhoResponse struct {
-	Success bool   `json:"success"`
+	BaseResponse
 	Error   string `json:"error"`
 	Message string `json:"message"`
 }
--- a/internal/handlers/v1/auth.go
+++ b/internal/handlers/v1/auth.go
@ -3,6 +3,7 @@ package v1
 import (
 	"errors"
 	"net/http"
 	"time"
 	"git.jamestombleson.com/jtom38/go-cook/internal/domain"
 	"git.jamestombleson.com/jtom38/go-cook/internal/repositories"
@ -25,13 +26,12 @@ func (h *Handler) AuthRegister(c echo.Context) error {
 	password := c.FormValue("password")
 	//username := c.QueryParam("username")
-	exists, err := h.userRepo.GetByName(username)
+	exists, err := h.users.GetUser(username)
 	if err != nil {
 		// if we have an err, validate that if its not user not found.
 		// if the user is not found, we can use that name
 		if err.Error() != repositories.ErrUserNotFound {
 			return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{
 				Message: err.Error(),
 				Success: true,
 			})
@ -42,7 +42,7 @@ func (h *Handler) AuthRegister(c echo.Context) error {
 	}
 	//password := c.QueryParam("password")
-	err = h.UserService.CheckPasswordForRequirements(password)
+	err = h.users.CheckPasswordForRequirements(password)
 	if err != nil {
 		return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{
 			Success: false,
@ -50,7 +50,7 @@ func (h *Handler) AuthRegister(c echo.Context) error {
 		})
 	}
-	_, err = h.userRepo.Create(username, password, domain.ScopeRecipeRead)
+	_, err = h.users.Create(username, password, domain.ScopeRecipeRead)
 	if err != nil {
 		return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{
 			Success: false,
@ -73,27 +73,38 @@ func (h *Handler) AuthLogin(c echo.Context) error {
 	}
 	// check if the user exists
-	err := h.UserService.DoesUserExist(username)
+	err := h.users.DoesUserExist(username)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	// make sure the hash matches
-	err = h.UserService.DoesPasswordMatchHash(username, password)
+	err = h.users.DoesPasswordMatchHash(username, password)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
-	token, err := h.generateJwt(username, h.Config.ApiUri)
+	// TODO think about moving this down some?
 	expiresAt := time.Now().Add(time.Hour * 48)
 	jwt, err := h.generateJwtWithExp(username, h.Config.ApiUri, expiresAt)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	refresh, err := h.refreshTokens.Create(username)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	return c.JSON(http.StatusOK, domain.LoginResponse{
-		Success:      true,
+		BaseResponse: domain.BaseResponse{
-		Token:        token,
+			Success: true,
 			Message: "OK",
 		},
 		Token:        jwt,
 		Type:         "Bearer",
-		RefreshToken: "",
+		RefreshToken: refresh,
 	})
 }
@ -108,7 +119,7 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error {
 		return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
 	}
-	token, err := h.generateAdminJwt("admin")
+	token, err := h.generateJwt("admin", h.Config.ApiUri)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
@ -116,14 +127,39 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error {
 	return c.JSON(http.StatusOK, token)
 }
-func (h *Handler) GenerateRefreshToken(c echo.Context) error {
+// This will take collect some information about the requested refresh, validate and then return a new jwt token if approved.
 func (h *Handler) RefreshJwtToken(c echo.Context) error {
 	// Check the context for the refresh token
 	var request domain.RefreshTokenRequest
 	err := (&echo.DefaultBinder{}).BindBody(c, &request)
 	if err != nil {
-		return err
+		return h.InternalServerErrorResponse(c, err.Error())
 	}
-	h.refreshTokenRepo.Create()
+
 	err = h.refreshTokens.IsRequestValid(request.Username, request.RefreshToken)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	jwt, err := h.generateJwtWithExp(request.Username, h.Config.ApiUri, time.Now().Add(time.Hour * 48))
 	if err!= nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	newRefreshToken, err := h.refreshTokens.Create(request.Username)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 	return c.JSON(http.StatusOK, domain.LoginResponse{
 		BaseResponse: domain.BaseResponse{
 			Success: true,
 			Message: "OK",
 		},
 		Token:        jwt,
 		Type:         "Bearer",
 		RefreshToken: newRefreshToken,
 	})
 }
 func (h *Handler) AddScopes(c echo.Context) error {
@ -146,7 +182,7 @@ func (h *Handler) AddScopes(c echo.Context) error {
 		})
 	}
-	err = h.UserService.AddScopes(request.Username, request.Scopes)
+	err = h.users.AddScopes(request.Username, request.Scopes)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
@ -176,7 +212,7 @@ func (h *Handler) RemoveScopes(c echo.Context) error {
 		})
 	}
-	err = h.UserService.RemoveScopes(request.Username, request.Scopes)
+	err = h.users.RemoveScopes(request.Username, request.Scopes)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
@ -186,10 +222,6 @@ func (h *Handler) RemoveScopes(c echo.Context) error {
 	})
 }
 func (h *Handler) RefreshJwtToken(c echo.Context) error {
 	return nil
 }
 func (h *Handler) getJwtToken(c echo.Context) (JwtToken, error) {
 	// Make sure that the request came with a jwtToken
 	token, ok := c.Get("user").(*jwt.Token)
--- a/internal/handlers/v1/demo.go
+++ b/internal/handlers/v1/demo.go
@ -11,16 +11,20 @@ import (
 func (h *Handler) DemoHello(c echo.Context) error {
 	return c.JSON(http.StatusOK, domain.HelloWhoResponse{
-		Success: true,
+		BaseResponse: domain.BaseResponse{
-		Message: "Hello world!",
+			Success: true,
 			Message: "Hello world!",
 		},
 	})
 }
 func (h *Handler) HelloWho(c echo.Context) error {
 	name := c.Param("who")
 	return c.JSON(http.StatusOK, domain.HelloWhoResponse{
-		Success: true,
+		BaseResponse: domain.BaseResponse{
-		Message: fmt.Sprintf("Hello, %s", name),
+			Success: true,
 			Message: fmt.Sprintf("Hello, %s", name),
 		},
 	})
 }
@ -28,15 +32,14 @@ func (h *Handler) HelloBody(c echo.Context) error {
 	request := domain.HelloBodyRequest{}
 	err := (&echo.DefaultBinder{}).BindBody(c, &request)
 	if err != nil {
-		return c.JSON(http.StatusBadRequest, domain.HelloWhoResponse{
+		return h.InternalServerErrorResponse(c, err.Error())
 			Success: false,
 			Error:   err.Error(),
 		})
 	}
 	return c.JSON(http.StatusOK, domain.HelloWhoResponse{
-		Success: true,
+		BaseResponse: domain.BaseResponse{
-		Message: fmt.Sprintf("Hello, %s", request.Name),
+			Success: true,
 			Message: fmt.Sprintf("Hello, %s", request.Name),
 		},
 	})
 }
--- a/internal/handlers/v1/handler.go
+++ b/internal/handlers/v1/handler.go
@ -5,7 +5,6 @@ import (
 	"net/http"
 	"git.jamestombleson.com/jtom38/go-cook/internal/domain"
 	"git.jamestombleson.com/jtom38/go-cook/internal/repositories"
 	"git.jamestombleson.com/jtom38/go-cook/internal/services"
 	"github.com/golang-jwt/jwt/v5"
@ -16,19 +15,18 @@ import (
 type Handler struct {
 	Config domain.EnvConfig
-	UserService      services.UserService
+	users         services.UserService
-	userRepo         repositories.IUserTable
+	recipes       services.Recipes
-	recipeRepo       repositories.IRecipeTable
+	refreshTokens services.RefreshToken
 	refreshTokenRepo repositories.RefreshTokenRepository
 }
 func NewHandler(conn *sql.DB, cfg domain.EnvConfig) *Handler {
 	return &Handler{
-		Config:           cfg,
+		Config: cfg,
-		UserService:      services.NewUserService(conn),
+
-		userRepo:         repositories.NewUserRepository(conn),
+		users:         services.NewUserService(conn),
-		recipeRepo:       repositories.NewRecipeRepository(conn),
+		recipes:       services.NewRecipesService(conn),
-		refreshTokenRepo: repositories.NewRefreshTokenRepository(conn),
+		refreshTokens: services.NewRefreshTokenService(conn),
 	}
 }
@ -46,6 +44,7 @@ func (h *Handler) Register(v1 *echo.Group) {
 	auth.Use(echojwt.WithConfig(jwtConfig))
 	auth.POST("/scopes/add", h.AddScopes)
 	auth.POST("/scopes/remove", h.RemoveScopes)
 	auth.POST("/refreshToken", h.RefreshJwtToken)
 	demo := v1.Group("/demo")
 	demo.GET("/hello", h.DemoHello)
--- a/internal/handlers/v1/jwt.go
+++ b/internal/handlers/v1/jwt.go
@ -57,40 +57,28 @@ func (j JwtToken) hasScope(scope string) error {
 }
 func (h *Handler) generateJwt(username, issuer string) (string, error) {
 	return h.generateJwtWithExp(username, issuer, time.Now().Add(10 * time.Minute))
 }
 func (h *Handler) generateJwtWithExp(username, issuer string, expiresAt time.Time) (string, error) {
 	secret := []byte(h.Config.JwtSecret)
 	// Anyone who wants to decrypt the key needs to use the same method
 	token := jwt.New(jwt.SigningMethodHS256)
 	claims := token.Claims.(jwt.MapClaims)
-	claims["exp"] = time.Now().Add(10 * time.Minute)
+	claims["exp"] = expiresAt
 	claims["authorized"] = true
 	claims["username"] = username
 	claims["iss"] = issuer
 	var scopes []string
-	scopes = append(scopes, domain.ScopeRecipeRead)
+	if (username == "admin") {
-	claims["scopes"] = scopes
+		scopes = append(scopes, domain.ScopeAll)
-
+		claims["scopes"] = scopes
-	tokenString, err := token.SignedString(secret)
+	} else {
-	if err != nil {
+		scopes = append(scopes, domain.ScopeRecipeRead)
-		return "", err
+		claims["scopes"] = scopes
-	}
+	}
 	return tokenString, nil
 }
 func (h *Handler) generateAdminJwt(username string) (string, error) {
 	secret := []byte(h.Config.JwtSecret)
 	token := jwt.New(jwt.SigningMethodHS256)
 	claims := token.Claims.(jwt.MapClaims)
 	claims["exp"] = time.Now().Add(10 * time.Minute)
 	claims["authorized"] = true
 	claims["username"] = username
 	var scopes []string
 	scopes = append(scopes, domain.ScopeAll)
 	claims["scopes"] = scopes
 	tokenString, err := token.SignedString(secret)
 	if err != nil {
--- a/internal/migrations/20240416180636_refreshtoken.sql
+++ b/internal/migrations/20240416180636_refreshtoken.sql
@ -5,7 +5,6 @@ CREATE TABLE RefreshTokens (
    ID          INTEGER     PRIMARY KEY AUTOINCREMENT,
    Username    TEXT        NOT NULL,
    Token       TEXT        NOT NULL,
    ExpiresAt   DATETIME    NOT NULL,
    CreatedAt   DATETIME    NOT NULL,
    LastUpdated DATETIME    NOT NULL
 ) 
--- a/internal/repositories/refreshTokens.go
+++ b/internal/repositories/refreshTokens.go
@ -15,7 +15,7 @@ const (
 )
 type RefreshTokenTable interface {
-	Create(username string, token string, expiresAt time.Time) (int64, error)
+	Create(username string, token string) (int64, error)
 	GetByUsername(name string) (domain.RefreshTokenEntity, error)
 	DeleteById(id int64) (int64, error)
 }
@ -30,12 +30,12 @@ func NewRefreshTokenRepository(conn *sql.DB) RefreshTokenRepository {
 	}
 }
-func (rt RefreshTokenRepository) Create(username string, token string, expiresAt time.Time) (int64, error) {
+func (rt RefreshTokenRepository) Create(username string, token string) (int64, error) {
 	dt := time.Now()
 	builder := sqlbuilder.NewInsertBuilder()
 	builder.InsertInto(refreshTokenTableName)
-	builder.Cols("Username", "Token", "ExpiresAt", "CreatedAt", "LastUpdated")
+	builder.Cols("Username", "Token", "CreatedAt", "LastUpdated")
-	builder.Values(username, token, expiresAt, dt, dt)
+	builder.Values(username, token, dt, dt)
 	query, args := builder.Build()
 	_, err := rt.connection.Exec(query, args...)
@ -89,11 +89,10 @@ func (rd RefreshTokenRepository) processRows(rows *sql.Rows) []domain.RefreshTok
 		var id int64
 		var username string
 		var token string
 		var expiresAt time.Time
 		var createdAt time.Time
 		var lastUpdated time.Time
-		err := rows.Scan(&id, &username, &token, &expiresAt, &createdAt, &lastUpdated)
+		err := rows.Scan(&id, &username, &token, &createdAt, &lastUpdated)
 		if err != nil {
 			fmt.Println(err)
 		}
@ -102,7 +101,6 @@ func (rd RefreshTokenRepository) processRows(rows *sql.Rows) []domain.RefreshTok
 			Id:          id,
 			Username:    username,
 			Token:       token,
 			ExpiresAt:   expiresAt,
 			CreatedAt:   createdAt,
 			LastUpdated: lastUpdated,
 		})
--- a/internal/repositories/refreshTokens_test.go
+++ b/internal/repositories/refreshTokens_test.go
@ -3,7 +3,6 @@ package repositories_test
 import (
 	"database/sql"
 	"testing"
 	"time"
 	"git.jamestombleson.com/jtom38/go-cook/internal/repositories"
 	_ "github.com/glebarez/go-sqlite"
@ -18,7 +17,7 @@ func TestRefreshTokenCreate(t *testing.T) {
 	}
 	client := repositories.NewRefreshTokenRepository(conn)
-	rows, err := client.Create("tester", "BadTokenDontUse", time.Now().Add(time.Hour+1))
+	rows, err := client.Create("tester", "BadTokenDontUse")
 	if err != nil {
 		t.Log(err)
 		t.FailNow()
@ -37,7 +36,7 @@ func TestRefreshTokenGetByUsername(t *testing.T) {
 	}
 	client := repositories.NewRefreshTokenRepository(conn)
-	rows, err := client.Create("tester", "BadTokenDoNotUse", time.Now().Add(time.Hour+1))
+	rows, err := client.Create("tester", "BadTokenDoNotUse")
 	if err != nil {
 		t.Log(err)
 		t.FailNow()
@ -68,7 +67,7 @@ func TestRefreshTokenDeleteById(t *testing.T) {
 	}
 	client := repositories.NewRefreshTokenRepository(conn)
-	_, err = client.Create("tester", "BadTokenDoNotUse", time.Now().Add(time.Hour+1))
+	_, err = client.Create("tester", "BadTokenDoNotUse")
 	if err != nil {
 		t.Log(err)
 		t.FailNow()
--- a/internal/repositories/users.go
+++ b/internal/repositories/users.go
@ -133,7 +133,7 @@ func (ur UserRepository) processRows(rows *sql.Rows) []domain.UserEntity {
 	items := []domain.UserEntity{}
 	for rows.Next() {
-		var id int
+		var id int64
 		var name string
 		var hash string
 		var createdAt time.Time
--- a/internal/services/refreshTokenService.go
+++ b/internal/services/refreshTokenService.go
@ -3,20 +3,25 @@ package services
 import (
 	"database/sql"
 	"errors"
 	"time"
 	"git.jamestombleson.com/jtom38/go-cook/internal/domain"
 	"git.jamestombleson.com/jtom38/go-cook/internal/repositories"
 	"github.com/google/uuid"
 )
 const (
 	ErrUnexpectedAmountOfRowsUpdated = "got a unexpected of rows updated"
 )
 type RefreshToken interface {
-	Create(username string, expiresAt time.Time) (string, error)
+	Create(username string) (string, error)
 	GetByName(name string) (domain.RefreshTokenEntity, error)
 	Delete(id int64) (int64, error)
-	IsRequestValid(username, refreshToken string, jwtExpiresAt time.Time) error
+	IsRequestValid(username, refreshToken string) error
 }
 // A new jwt token can be made if the user has the correct refresh token for the user.
 // It will also require the old JWT token so the expire time is pulled and part of the validation
 type RefreshTokenService struct {
 	table repositories.RefreshTokenTable
 }
@ -27,13 +32,26 @@ func NewRefreshTokenService(conn *sql.DB) RefreshTokenService {
 	}
 }
-func (rt RefreshTokenService) Create(username string, expiresAt time.Time) (string, error) {
+func (rt RefreshTokenService) Create(username string) (string, error) {
 	//if a refresh token already exists for a user, reuse
 	existingToken, err := rt.GetByName(username)
 	if err == nil {
 		rowsRemoved, err := rt.Delete(existingToken.Id)
 		if err != nil {
 			return "", err
 		}
 		if rowsRemoved != 1 {
 			return "", errors.New(ErrUnexpectedAmountOfRowsUpdated)
 		}
 	}
 	token, err := uuid.NewV7()
 	if err != nil {
 		return "", err
 	}
-	rows, err := rt.table.Create(username, token.String(), expiresAt)
+	rows, err := rt.table.Create(username, token.String())
 	if err != nil {
 		return "", err
 	}
@ -54,19 +72,15 @@ func (rt RefreshTokenService) Delete(id int64) (int64, error) {
 	return rt.table.DeleteById(id)
 }
-func (rt RefreshTokenService) IsRequestValid(username, refreshToken string, jwtExpiresAt time.Time) error {
+func (rt RefreshTokenService) IsRequestValid(username, refreshToken string) error {
 	token, err := rt.GetByName(username)
 	if err != nil {
 		return err
 	}
-	
+
-	if (token.Token != refreshToken) {
+	if token.Token != refreshToken {
 		return errors.New("the refresh token given does not match")
 	}
 	if (token.ExpiresAt != jwtExpiresAt) {
 		return errors.New("the time when the jwt token expires does not match what was given")
 	}
 	return nil
-}
+}
--- a/rest.http
+++ b/rest.http
@ -16,6 +16,15 @@ Content-Type: application/x-www-form-urlencoded
 password=lol
 ### Try to refresh the token
 POST http://localhost:1323/api/v1/auth/refreshToken
 Content-Type: application/json
 Authorization: Bearer 
 {
    "username": "test",
    "refreshToken": ""
 }
 ### Add Scope to test user
 POST http://localhost:1323/api/v1/auth/scopes/add
Author	SHA1	Message	Date
James Tombleson	7d6e7d46cd	small helper file updates	2024-04-21 10:29:46 -07:00
James Tombleson	26820d80f7	uuid was added	2024-04-21 10:29:24 -07:00
James Tombleson	9627c51e7a	minor changes to requests and responses	2024-04-21 10:29:17 -07:00
James Tombleson	be337b4bb9	auth handler now can work with refresh token request	2024-04-21 10:28:50 -07:00
James Tombleson	8482afed8d	small improvement to creating a jwt logic	2024-04-21 10:28:21 -07:00
James Tombleson	e7f706b6e7	The refreshtoken no longer cares about when a token expired. When they want a new jtw from refresh a new refresh token is made also	2024-04-21 10:27:56 -07:00
James Tombleson	b02ed3f86a	Moved handler to use interfaces and added the refreshToken endpoint	2024-04-21 08:59:51 -07:00
James Tombleson	0383d554b8	added RefreshTokenRequest as a body	2024-04-21 08:59:25 -07:00
James Tombleson	e218da5e7d	Updated some responses to return the base struct with embedding	2024-04-21 08:59:07 -07:00
James Tombleson	5b2ff607b9	Moved entity id's to int64 that the sql driver returns	2024-04-21 08:58:32 -07:00