Add Refresh token
This commit is contained in:
Aditya Siregar
parent
9db3dcb472
commit
f85929c575
@ -66,6 +66,8 @@ func (c *Config) Auth() *AuthConfig {
|
||||
return &AuthConfig{
|
||||
jwtTokenSecret: c.Jwt.Token.Secret,
|
||||
jwtTokenExpiresTTL: c.Jwt.Token.ExpiresTTL,
|
||||
refreshTokenSecret: c.Jwt.RefreshToken.Secret,
|
||||
refreshTokenExpiresTTL: c.Jwt.RefreshToken.ExpiresTTL,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,8 @@ import "time"
|
||||
type AuthConfig struct {
|
||||
jwtTokenExpiresTTL int
|
||||
jwtTokenSecret string
|
||||
refreshTokenExpiresTTL int
|
||||
refreshTokenSecret string
|
||||
}
|
||||
|
||||
type JWT struct {
|
||||
@ -20,3 +22,20 @@ func (c *AuthConfig) AccessTokenExpiresDate() time.Time {
|
||||
duration := time.Duration(c.jwtTokenExpiresTTL)
|
||||
return time.Now().UTC().Add(time.Minute * duration)
|
||||
}
|
||||
|
||||
func (c *AuthConfig) RefreshTokenSecret() string {
|
||||
return c.refreshTokenSecret
|
||||
}
|
||||
|
||||
func (c *AuthConfig) RefreshTokenExpiresDate() time.Time {
|
||||
duration := time.Duration(c.refreshTokenExpiresTTL)
|
||||
return time.Now().UTC().Add(time.Minute * duration)
|
||||
}
|
||||
|
||||
func (c *AuthConfig) AccessTokenTTL() time.Duration {
|
||||
return time.Duration(c.jwtTokenExpiresTTL) * time.Minute
|
||||
}
|
||||
|
||||
func (c *AuthConfig) RefreshTokenTTL() time.Duration {
|
||||
return time.Duration(c.refreshTokenExpiresTTL) * time.Minute
|
||||
}
|
||||
|
||||
@ -2,6 +2,7 @@ package config
|
||||
|
||||
type Jwt struct {
|
||||
Token Token `mapstructure:"token"`
|
||||
RefreshToken RefreshToken `mapstructure:"refresh_token"`
|
||||
Customer Customer `mapstructure:"customer"`
|
||||
}
|
||||
|
||||
@ -10,6 +11,11 @@ type Token struct {
|
||||
Secret string `mapstructure:"secret"`
|
||||
}
|
||||
|
||||
type RefreshToken struct {
|
||||
ExpiresTTL int `mapstructure:"expires-ttl"`
|
||||
Secret string `mapstructure:"secret"`
|
||||
}
|
||||
|
||||
type Customer struct {
|
||||
ExpiresTTL int `mapstructure:"expires-ttl"`
|
||||
Secret string `mapstructure:"secret"`
|
||||
|
||||
@ -7,6 +7,9 @@ jwt:
|
||||
token:
|
||||
expires-ttl: 144000
|
||||
secret: "5Lm25V3Qd7aut8dr4QUxm5PZUrSFs"
|
||||
refresh_token:
|
||||
expires-ttl: 7776000 # 3 months in minutes (90 days * 24 hours * 60 minutes)
|
||||
secret: "R3fr3sh_T0k3n_S3cr3t_K3y_2024_P0S"
|
||||
customer:
|
||||
expires-ttl: 7776000
|
||||
secret: "z8d5TlFCT58Q$i0%S^2M&3WtE$PMgd"
|
||||
|
||||
@ -365,8 +365,7 @@ type services struct {
|
||||
|
||||
func (a *App) initServices(processors *processors, repos *repositories, cfg *config.Config) *services {
|
||||
authConfig := cfg.Auth()
|
||||
jwtSecret := authConfig.AccessTokenSecret()
|
||||
authService := service.NewAuthService(processors.userProcessor, jwtSecret)
|
||||
authService := service.NewAuthService(processors.userProcessor, authConfig)
|
||||
organizationService := service.NewOrganizationService(processors.organizationProcessor)
|
||||
outletService := service.NewOutletService(processors.outletProcessor)
|
||||
outletSettingService := service.NewOutletSettingService(processors.outletSettingProcessor)
|
||||
|
||||
@ -41,7 +41,9 @@ type LoginRequest struct {
|
||||
|
||||
type LoginResponse struct {
|
||||
Token string `json:"token"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
ExpiresAt time.Time `json:"expires_at"`
|
||||
RefreshExpiresAt time.Time `json:"refresh_expires_at"`
|
||||
User UserResponse `json:"user"`
|
||||
}
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"apskel-pos-be/config"
|
||||
"apskel-pos-be/internal/contract"
|
||||
"apskel-pos-be/internal/models"
|
||||
"apskel-pos-be/internal/transformer"
|
||||
@ -25,7 +26,9 @@ type AuthService interface {
|
||||
type AuthServiceImpl struct {
|
||||
userProcessor UserProcessor
|
||||
jwtSecret string
|
||||
refreshSecret string
|
||||
tokenTTL time.Duration
|
||||
refreshTokenTTL time.Duration
|
||||
}
|
||||
|
||||
type Claims struct {
|
||||
@ -36,11 +39,13 @@ type Claims struct {
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
func NewAuthService(userProcessor UserProcessor, jwtSecret string) AuthService {
|
||||
func NewAuthService(userProcessor UserProcessor, authConfig *config.AuthConfig) AuthService {
|
||||
return &AuthServiceImpl{
|
||||
userProcessor: userProcessor,
|
||||
jwtSecret: jwtSecret,
|
||||
tokenTTL: 24 * time.Hour,
|
||||
jwtSecret: authConfig.AccessTokenSecret(),
|
||||
refreshSecret: authConfig.RefreshTokenSecret(),
|
||||
tokenTTL: authConfig.AccessTokenTTL(),
|
||||
refreshTokenTTL: authConfig.RefreshTokenTTL(),
|
||||
}
|
||||
}
|
||||
|
||||
@ -71,9 +76,16 @@ func (s *AuthServiceImpl) Login(ctx context.Context, req *contract.LoginRequest)
|
||||
return nil, fmt.Errorf("failed to generate token: %w", err)
|
||||
}
|
||||
|
||||
refreshToken, refreshExpiresAt, err := s.generateRefreshToken(userResponse)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
|
||||
}
|
||||
|
||||
return &contract.LoginResponse{
|
||||
Token: token,
|
||||
RefreshToken: refreshToken,
|
||||
ExpiresAt: expiresAt,
|
||||
RefreshExpiresAt: refreshExpiresAt,
|
||||
User: *contractUserResponse,
|
||||
}, nil
|
||||
}
|
||||
@ -119,9 +131,16 @@ func (s *AuthServiceImpl) RefreshToken(ctx context.Context, tokenString string)
|
||||
return nil, fmt.Errorf("failed to generate token: %w", err)
|
||||
}
|
||||
|
||||
refreshToken, refreshExpiresAt, err := s.generateRefreshToken(userResponse)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
|
||||
}
|
||||
|
||||
return &contract.LoginResponse{
|
||||
Token: newToken,
|
||||
RefreshToken: refreshToken,
|
||||
ExpiresAt: expiresAt,
|
||||
RefreshExpiresAt: refreshExpiresAt,
|
||||
User: *contractUserResponse,
|
||||
}, nil
|
||||
}
|
||||
@ -164,6 +183,32 @@ func (s *AuthServiceImpl) generateToken(user *models.UserResponse) (string, time
|
||||
return tokenString, expiresAt, nil
|
||||
}
|
||||
|
||||
func (s *AuthServiceImpl) generateRefreshToken(user *models.UserResponse) (string, time.Time, error) {
|
||||
expiresAt := time.Now().Add(s.refreshTokenTTL)
|
||||
|
||||
claims := &Claims{
|
||||
UserID: user.ID,
|
||||
Email: user.Email,
|
||||
Role: string(user.Role),
|
||||
OrganizationID: user.OrganizationID,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(expiresAt),
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
NotBefore: jwt.NewNumericDate(time.Now()),
|
||||
Issuer: "apskel-pos-refresh",
|
||||
Subject: user.ID.String(),
|
||||
},
|
||||
}
|
||||
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
tokenString, err := token.SignedString([]byte(s.refreshSecret))
|
||||
if err != nil {
|
||||
return "", time.Time{}, err
|
||||
}
|
||||
|
||||
return tokenString, expiresAt, nil
|
||||
}
|
||||
|
||||
func (s *AuthServiceImpl) parseToken(tokenString string) (*Claims, error) {
|
||||
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user