feat: add refresh token endpoint and related configurations #9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
New Feature:
-Implemented the RefreshToken method in the TokenUsecase to handle token refreshing.
-The method retrieves the refresh token from the HTTP cookie, validates it, and generates a new access and refresh token pair.
Details:
-Extracts the refresh token from the cookie using c.Cookie.
-Validates the refresh token and extracts claims using the GetClaims method.
-Converts roles from []interface{} to []string for proper type handling.
-Generates a new token pair using the GenerateToken method.
Reason for Addition:
-To provide functionality for refreshing expired access tokens while maintaining security through refresh tokens.
-This is a critical feature for session management in the application.
Benefits:
-Enables secure token lifecycle management.
-Improves user experience by allowing seamless token refresh without requiring re-login.
|
Thanks, @alielmi98 for these valuable pull requests. |
|
But i can't find your review messages? |
naeemaei
requested changes
May 5, 2025
| @@ -47,6 +56,9 @@ func (h *UsersHandler) LoginByUsername(c *gin.Context) { | |||
| return | |||
| } | |||
|
|
|||
| // Set the refresh token in a cookie | |||
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) | |||
There was a problem hiding this comment.
It's better to set sameSite attribute for CSRF protection
Suggested change
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) | |
| http.SetCookie(c.Writer, &http.Cookie{ | |
| Name: constant.RefreshTokenCookieName, | |
| Value: token.RefreshToken, | |
| MaxAge: int(h.config.JWT.RefreshTokenExpireDuration * 60), | |
| Path: "/", | |
| Domain: h.config.Server.Domain, | |
| Secure: true, | |
| HttpOnly: true, | |
| SameSite: http.SameSiteStrictMode, | |
| }) |
| @@ -105,6 +117,9 @@ func (h *UsersHandler) RegisterLoginByMobileNumber(c *gin.Context) { | |||
| return | |||
| } | |||
|
|
|||
| // Set the refresh token in a cookie | |||
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) | |||
There was a problem hiding this comment.
Suggested change
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) | |
| http.SetCookie(c.Writer, &http.Cookie{ | |
| Name: constant.RefreshTokenCookieName, | |
| Value: token.RefreshToken, | |
| MaxAge: int(h.config.JWT.RefreshTokenExpireDuration * 60), | |
| Path: "/", | |
| Domain: h.config.Server.Domain, | |
| Secure: true, | |
| HttpOnly: true, | |
| SameSite: http.SameSiteStrictMode, | |
| }) |
| // @Success 200 {object} helper.BaseHttpResponse "Success" | ||
| // @Failure 400 {object} helper.BaseHttpResponse "Failed" | ||
| // @Failure 401 {object} helper.BaseHttpResponse "Failed" | ||
| // @Router /v1/users/refresh-token [get] |
There was a problem hiding this comment.
Given that we are requesting a new token in refresh-token and not retrieving a persistent resource. so it's better to set method POST
Suggested change
| // @Router /v1/users/refresh-token [get] | |
| // @Router /v1/users/refresh-token [post] |
| return | ||
| } | ||
| // Set the refresh token in a cookie | ||
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) |
There was a problem hiding this comment.
Same as previous changes
Suggested change
| c.SetCookie(constant.RefreshTokenCookieName, token.RefreshToken, int(h.config.JWT.RefreshTokenExpireDuration*60), "/", h.config.Server.Domin, true, true) | |
| http.SetCookie(c.Writer, &http.Cookie{ | |
| Name: constant.RefreshTokenCookieName, | |
| Value: token.RefreshToken, | |
| MaxAge: int(h.config.JWT.RefreshTokenExpireDuration * 60), | |
| Path: "/", | |
| Domain: h.config.Server.Domain, | |
| Secure: true, | |
| HttpOnly: true, | |
| SameSite: http.SameSiteStrictMode, | |
| }) |
| @@ -14,4 +14,5 @@ func User(router *gin.RouterGroup, cfg *config.Config) { | |||
| router.POST("/login-by-username", h.LoginByUsername) | |||
| router.POST("/register-by-username", h.RegisterByUsername) | |||
| router.POST("/login-by-mobile", h.RegisterLoginByMobileNumber) | |||
| router.GET("/refresh-token", h.RefreshToken) | |||
There was a problem hiding this comment.
Based previous comment
Suggested change
| router.GET("/refresh-token", h.RefreshToken) | |
| router.POST("/refresh-token", h.RefreshToken) |
| @@ -2,6 +2,7 @@ server: | |||
| internalPort: 5005 | |||
| externalPort: 5005 | |||
| runMode: debug | |||
| domin: localhost | |||
There was a problem hiding this comment.
Suggested change
| domin: localhost | |
| domain: localhost |
| @@ -2,6 +2,7 @@ server: | |||
| internalPort: 5000 | |||
| externalPort: 0 | |||
| runMode: release | |||
| domin: localhost | |||
There was a problem hiding this comment.
Suggested change
| domin: localhost | |
| domain: localhost |
| @@ -2,6 +2,7 @@ server: | |||
| internalPort: 5010 | |||
| externalPort: 5010 | |||
| runMode: release | |||
| domin: localhost | |||
There was a problem hiding this comment.
Suggested change
| domin: localhost | |
| domain: localhost |
| InternalPort string | ||
| ExternalPort string | ||
| RunMode string | ||
| Domin string |
There was a problem hiding this comment.
Suggested change
| Domin string | |
| Domain string |
|
Please check. @alielmi98 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New Feature:
-Implemented the RefreshToken method in the TokenUsecase to handle token refreshing. -The method retrieves the refresh token from the HTTP cookie, validates it, and generates a new access and refresh token pair.
Details:
-Extracts the refresh token from the cookie using c.Cookie. -Validates the refresh token and extracts claims using the GetClaims method. -Converts roles from []interface{} to []string for proper type handling. -Generates a new token pair using the GenerateToken method.
Reason for Addition:
-To provide functionality for refreshing expired access tokens while maintaining security through refresh tokens. -This is a critical feature for session management in the application.
Benefits:
-Enables secure token lifecycle management.
-Improves user experience by allowing seamless token refresh without requiring re-login.