✨ Add a feature to refresh AccessToken (#434)

mahata · Nov 27, 2024 · c9136e4 · c9136e4
1 parent 442dde8
commit c9136e4
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 9 deletions.
diff --git a/.run/KtlogApplication.run.xml b/.run/KtlogApplication.run.xml
@@ -9,4 +9,12 @@
       <option name="Make" enabled="true" />
     </method>
   </configuration>
+  <configuration default="false" name="KtlogApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" nameIsGenerated="true">
+    <option name="FRAME_DEACTIVATION_UPDATE_POLICY" value="UpdateClassesAndResources" />
+    <module name="org.mahata.render.ktlog.main" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="org.mahata.ktlog.KtlogApplication" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
 </component>
diff --git a/.run/Run Locally.run.xml → .run/React.run.xml b/.run/Run Locally.run.xml → .run/React.run.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="Run Locally" type="js.build_tools.npm">
+  <configuration default="false" name="React" type="js.build_tools.npm">
     <package-json value="$PROJECT_DIR$/frontend/package.json" />
     <command value="run" />
     <scripts>

diff --git a/backend/src/main/kotlin/org/mahata/ktlog/controller/AuthController.kt b/backend/src/main/kotlin/org/mahata/ktlog/controller/AuthController.kt
@@ -50,10 +50,17 @@ class AuthController(
     @PostMapping("/refresh")
     fun refreshAccessToken(
         @RequestBody request: RefreshTokenRequest,
-    ): TokenResponse =
-        authService.refreshAccessToken(request.token)
-            ?.mapToTokenResponse()
-            ?: throw ResponseStatusException(HttpStatus.FORBIDDEN, "Invalid refresh token.")
+        response: HttpServletResponse,
+    ): TokenResponse {
+        val accessToken = authService.refreshAccessToken(request.token)
+
+        accessToken?.let { token ->
+            val accessTokenCookie = createHttpOnlyCookie("accessToken", token, "/", jwtProperties.accessTokenExpiration)
+            response.addHeader("Set-Cookie", accessTokenCookie.toString())
+
+            return token.mapToTokenResponse()
+        } ?: throw ResponseStatusException(HttpStatus.FORBIDDEN, "Invalid refresh token.")
+    }
 
     private fun createHttpOnlyCookie(
         name: String,
@@ -83,5 +90,5 @@ class AuthController(
         return AuthStatus(isLoggedIn)
     }
 
-    private fun String.mapToTokenResponse(): TokenResponse = TokenResponse(token = this)
+    private fun String.mapToTokenResponse(): TokenResponse = TokenResponse(accessToken = this)
 }
diff --git a/backend/src/main/kotlin/org/mahata/ktlog/data/TokenResponse.kt b/backend/src/main/kotlin/org/mahata/ktlog/data/TokenResponse.kt
@@ -1,5 +1,5 @@
 package org.mahata.ktlog.data
 
 data class TokenResponse(
-    private val token: String,
+    private val accessToken: String,
 )
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
@@ -25,8 +25,8 @@ server:
 
 jwt:
   key: 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-  access-token-expiration: 360000 # 100 hours
-  refresh-token-expiration: 8640000 # 100 days
+  access-token-expiration: 3600000 # 1000 hours
+  refresh-token-expiration: 86400000 # 1000 days
 
 logging:
   level: