Add Refresh token
This commit is contained in:
Aditya Siregar
parent
9db3dcb472
commit
f85929c575
@ -66,6 +66,8 @@ func (c *Config) Auth() *AuthConfig {
|
|||||||
return &AuthConfig{
|
return &AuthConfig{
|
||||||
jwtTokenSecret: c.Jwt.Token.Secret,
|
jwtTokenSecret: c.Jwt.Token.Secret,
|
||||||
jwtTokenExpiresTTL: c.Jwt.Token.ExpiresTTL,
|
jwtTokenExpiresTTL: c.Jwt.Token.ExpiresTTL,
|
||||||
|
refreshTokenSecret: c.Jwt.RefreshToken.Secret,
|
||||||
|
refreshTokenExpiresTTL: c.Jwt.RefreshToken.ExpiresTTL,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -5,6 +5,8 @@ import "time"
|
|||||||
type AuthConfig struct {
|
type AuthConfig struct {
|
||||||
jwtTokenExpiresTTL int
|
jwtTokenExpiresTTL int
|
||||||
jwtTokenSecret string
|
jwtTokenSecret string
|
||||||
|
refreshTokenExpiresTTL int
|
||||||
|
refreshTokenSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
type JWT struct {
|
type JWT struct {
|
||||||
@ -20,3 +22,20 @@ func (c *AuthConfig) AccessTokenExpiresDate() time.Time {
|
|||||||
duration := time.Duration(c.jwtTokenExpiresTTL)
|
duration := time.Duration(c.jwtTokenExpiresTTL)
|
||||||
return time.Now().UTC().Add(time.Minute * duration)
|
return time.Now().UTC().Add(time.Minute * duration)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *AuthConfig) RefreshTokenSecret() string {
|
||||||
|
return c.refreshTokenSecret
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AuthConfig) RefreshTokenExpiresDate() time.Time {
|
||||||
|
duration := time.Duration(c.refreshTokenExpiresTTL)
|
||||||
|
return time.Now().UTC().Add(time.Minute * duration)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AuthConfig) AccessTokenTTL() time.Duration {
|
||||||
|
return time.Duration(c.jwtTokenExpiresTTL) * time.Minute
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *AuthConfig) RefreshTokenTTL() time.Duration {
|
||||||
|
return time.Duration(c.refreshTokenExpiresTTL) * time.Minute
|
||||||
|
}
|
||||||
|
|||||||
@ -2,6 +2,7 @@ package config
|
|||||||
|
|
||||||
type Jwt struct {
|
type Jwt struct {
|
||||||
Token Token `mapstructure:"token"`
|
Token Token `mapstructure:"token"`
|
||||||
|
RefreshToken RefreshToken `mapstructure:"refresh_token"`
|
||||||
Customer Customer `mapstructure:"customer"`
|
Customer Customer `mapstructure:"customer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -10,6 +11,11 @@ type Token struct {
|
|||||||
Secret string `mapstructure:"secret"`
|
Secret string `mapstructure:"secret"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type RefreshToken struct {
|
||||||
|
ExpiresTTL int `mapstructure:"expires-ttl"`
|
||||||
|
Secret string `mapstructure:"secret"`
|
||||||
|
}
|
||||||
|
|
||||||
type Customer struct {
|
type Customer struct {
|
||||||
ExpiresTTL int `mapstructure:"expires-ttl"`
|
ExpiresTTL int `mapstructure:"expires-ttl"`
|
||||||
Secret string `mapstructure:"secret"`
|
Secret string `mapstructure:"secret"`
|
||||||
|
|||||||
@ -7,6 +7,9 @@ jwt:
|
|||||||
token:
|
token:
|
||||||
expires-ttl: 144000
|
expires-ttl: 144000
|
||||||
secret: "5Lm25V3Qd7aut8dr4QUxm5PZUrSFs"
|
secret: "5Lm25V3Qd7aut8dr4QUxm5PZUrSFs"
|
||||||
|
refresh_token:
|
||||||
|
expires-ttl: 7776000 # 3 months in minutes (90 days * 24 hours * 60 minutes)
|
||||||
|
secret: "R3fr3sh_T0k3n_S3cr3t_K3y_2024_P0S"
|
||||||
customer:
|
customer:
|
||||||
expires-ttl: 7776000
|
expires-ttl: 7776000
|
||||||
secret: "z8d5TlFCT58Q$i0%S^2M&3WtE$PMgd"
|
secret: "z8d5TlFCT58Q$i0%S^2M&3WtE$PMgd"
|
||||||
|
|||||||
@ -365,8 +365,7 @@ type services struct {
|
|||||||
|
|
||||||
func (a *App) initServices(processors *processors, repos *repositories, cfg *config.Config) *services {
|
func (a *App) initServices(processors *processors, repos *repositories, cfg *config.Config) *services {
|
||||||
authConfig := cfg.Auth()
|
authConfig := cfg.Auth()
|
||||||
jwtSecret := authConfig.AccessTokenSecret()
|
authService := service.NewAuthService(processors.userProcessor, authConfig)
|
||||||
authService := service.NewAuthService(processors.userProcessor, jwtSecret)
|
|
||||||
organizationService := service.NewOrganizationService(processors.organizationProcessor)
|
organizationService := service.NewOrganizationService(processors.organizationProcessor)
|
||||||
outletService := service.NewOutletService(processors.outletProcessor)
|
outletService := service.NewOutletService(processors.outletProcessor)
|
||||||
outletSettingService := service.NewOutletSettingService(processors.outletSettingProcessor)
|
outletSettingService := service.NewOutletSettingService(processors.outletSettingProcessor)
|
||||||
|
|||||||
@ -41,7 +41,9 @@ type LoginRequest struct {
|
|||||||
|
|
||||||
type LoginResponse struct {
|
type LoginResponse struct {
|
||||||
Token string `json:"token"`
|
Token string `json:"token"`
|
||||||
|
RefreshToken string `json:"refresh_token"`
|
||||||
ExpiresAt time.Time `json:"expires_at"`
|
ExpiresAt time.Time `json:"expires_at"`
|
||||||
|
RefreshExpiresAt time.Time `json:"refresh_expires_at"`
|
||||||
User UserResponse `json:"user"`
|
User UserResponse `json:"user"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -6,6 +6,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"apskel-pos-be/config"
|
||||||
"apskel-pos-be/internal/contract"
|
"apskel-pos-be/internal/contract"
|
||||||
"apskel-pos-be/internal/models"
|
"apskel-pos-be/internal/models"
|
||||||
"apskel-pos-be/internal/transformer"
|
"apskel-pos-be/internal/transformer"
|
||||||
@ -25,7 +26,9 @@ type AuthService interface {
|
|||||||
type AuthServiceImpl struct {
|
type AuthServiceImpl struct {
|
||||||
userProcessor UserProcessor
|
userProcessor UserProcessor
|
||||||
jwtSecret string
|
jwtSecret string
|
||||||
|
refreshSecret string
|
||||||
tokenTTL time.Duration
|
tokenTTL time.Duration
|
||||||
|
refreshTokenTTL time.Duration
|
||||||
}
|
}
|
||||||
|
|
||||||
type Claims struct {
|
type Claims struct {
|
||||||
@ -36,11 +39,13 @@ type Claims struct {
|
|||||||
jwt.RegisteredClaims
|
jwt.RegisteredClaims
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAuthService(userProcessor UserProcessor, jwtSecret string) AuthService {
|
func NewAuthService(userProcessor UserProcessor, authConfig *config.AuthConfig) AuthService {
|
||||||
return &AuthServiceImpl{
|
return &AuthServiceImpl{
|
||||||
userProcessor: userProcessor,
|
userProcessor: userProcessor,
|
||||||
jwtSecret: jwtSecret,
|
jwtSecret: authConfig.AccessTokenSecret(),
|
||||||
tokenTTL: 24 * time.Hour,
|
refreshSecret: authConfig.RefreshTokenSecret(),
|
||||||
|
tokenTTL: authConfig.AccessTokenTTL(),
|
||||||
|
refreshTokenTTL: authConfig.RefreshTokenTTL(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -71,9 +76,16 @@ func (s *AuthServiceImpl) Login(ctx context.Context, req *contract.LoginRequest)
|
|||||||
return nil, fmt.Errorf("failed to generate token: %w", err)
|
return nil, fmt.Errorf("failed to generate token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
refreshToken, refreshExpiresAt, err := s.generateRefreshToken(userResponse)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
return &contract.LoginResponse{
|
return &contract.LoginResponse{
|
||||||
Token: token,
|
Token: token,
|
||||||
|
RefreshToken: refreshToken,
|
||||||
ExpiresAt: expiresAt,
|
ExpiresAt: expiresAt,
|
||||||
|
RefreshExpiresAt: refreshExpiresAt,
|
||||||
User: *contractUserResponse,
|
User: *contractUserResponse,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -119,9 +131,16 @@ func (s *AuthServiceImpl) RefreshToken(ctx context.Context, tokenString string)
|
|||||||
return nil, fmt.Errorf("failed to generate token: %w", err)
|
return nil, fmt.Errorf("failed to generate token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
refreshToken, refreshExpiresAt, err := s.generateRefreshToken(userResponse)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to generate refresh token: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
return &contract.LoginResponse{
|
return &contract.LoginResponse{
|
||||||
Token: newToken,
|
Token: newToken,
|
||||||
|
RefreshToken: refreshToken,
|
||||||
ExpiresAt: expiresAt,
|
ExpiresAt: expiresAt,
|
||||||
|
RefreshExpiresAt: refreshExpiresAt,
|
||||||
User: *contractUserResponse,
|
User: *contractUserResponse,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
@ -164,6 +183,32 @@ func (s *AuthServiceImpl) generateToken(user *models.UserResponse) (string, time
|
|||||||
return tokenString, expiresAt, nil
|
return tokenString, expiresAt, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *AuthServiceImpl) generateRefreshToken(user *models.UserResponse) (string, time.Time, error) {
|
||||||
|
expiresAt := time.Now().Add(s.refreshTokenTTL)
|
||||||
|
|
||||||
|
claims := &Claims{
|
||||||
|
UserID: user.ID,
|
||||||
|
Email: user.Email,
|
||||||
|
Role: string(user.Role),
|
||||||
|
OrganizationID: user.OrganizationID,
|
||||||
|
RegisteredClaims: jwt.RegisteredClaims{
|
||||||
|
ExpiresAt: jwt.NewNumericDate(expiresAt),
|
||||||
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||||
|
NotBefore: jwt.NewNumericDate(time.Now()),
|
||||||
|
Issuer: "apskel-pos-refresh",
|
||||||
|
Subject: user.ID.String(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||||
|
tokenString, err := token.SignedString([]byte(s.refreshSecret))
|
||||||
|
if err != nil {
|
||||||
|
return "", time.Time{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return tokenString, expiresAt, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (s *AuthServiceImpl) parseToken(tokenString string) (*Claims, error) {
|
func (s *AuthServiceImpl) parseToken(tokenString string) (*Claims, error) {
|
||||||
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user