More ideal settings of token lifetimes and usage of @Nullable in AuthController.

This commit is contained in:
Jesse Brault 2024-08-07 17:02:38 -05:00
parent 96deeca6a4
commit 17533e15ed
2 changed files with 16 additions and 10 deletions


@ -1,6 +1,7 @@
package app.mealsmadeeasy.api.auth; package app.mealsmadeeasy.api.auth;
import app.mealsmadeeasy.api.security.AuthToken; import app.mealsmadeeasy.api.security.AuthToken;
import org.jetbrains.annotations.Nullable;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie; import org.springframework.http.ResponseCookie;
@ -11,7 +12,7 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/auth") @RequestMapping("/auth")
public final class AuthController { public final class AuthController {
private static ResponseCookie getRefreshTokenCookie(String token, long maxAge) { private static ResponseCookie getRefreshTokenCookie(@Nullable String token, long maxAge) {
final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token") final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token")
.httpOnly(true) .httpOnly(true)
.secure(true) .secure(true)
@ -57,18 +58,23 @@ public final class AuthController {
@PostMapping("/refresh") @PostMapping("/refresh")
public ResponseEntity<LoginView> refresh( public ResponseEntity<LoginView> refresh(
@CookieValue(value = "refresh-token") String oldRefreshToken @CookieValue(value = "refresh-token", required = false) @Nullable String oldRefreshToken
) { ) {
try { if (oldRefreshToken != null) {
final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken); try {
return this.getLoginViewResponseEntity(loginDetails); final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken);
} catch (LoginException loginException) { return this.getLoginViewResponseEntity(loginDetails);
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); } catch (LoginException loginException) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
}
} }
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
} }
@PostMapping("/logout") @PostMapping("/logout")
public ResponseEntity<?> logout(@CookieValue(value = "refresh-token", required = false) String refreshToken) { public ResponseEntity<?> logout(
@CookieValue(value = "refresh-token", required = false) @Nullable String refreshToken
) {
if (refreshToken != null) { if (refreshToken != null) {
this.authService.logout(refreshToken); this.authService.logout(refreshToken);
} }
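Review bot: The two UNAUTHORIZED returns in refresh (the catch block and the fall-through after the null check) can collapse into a guard clause, `if (oldRefreshToken == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); }` placed before the try, which also removes one level of nesting. Neither failure path clears the presented refresh-token cookie, so a browser holding an expired or revoked token keeps re-sending it on every request; since getRefreshTokenCookie now accepts a null token, presumably to emit an expiring cookie, consider attaching that cleared cookie to the 401 responses, but confirm the intent of the @Nullable against the rest of that helper, whose body continues outside the hunk. The caught LoginException is discarded without any record; a failed refresh attempt is a useful detection signal, so a log line that notes the outcome but never the token value would help. The logout method's body continues past the end of the hunk.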


@ -5,8 +5,8 @@ spring.datasource.username=meals-made-easy-api-user
spring.datasource.password=devpass spring.datasource.password=devpass
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
app.mealsmadeeasy.api.baseUrl=http://localhost:8080 app.mealsmadeeasy.api.baseUrl=http://localhost:8080
app.mealsmadeeasy.api.security.access-token-lifetime=10 app.mealsmadeeasy.api.security.access-token-lifetime=60
app.mealsmadeeasy.api.security.refresh-token-lifetime=120 app.mealsmadeeasy.api.security.refresh-token-lifetime=3600
app.mealsmadeeasy.api.minio.endpoint=http://localhost:9000 app.mealsmadeeasy.api.minio.endpoint=http://localhost:9000
app.mealsmadeeasy.api.minio.accessKey=minio-root app.mealsmadeeasy.api.minio.accessKey=minio-root
app.mealsmadeeasy.api.minio.secretKey=test0123 app.mealsmadeeasy.api.minio.secretKey=test0123
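Review bot: The two lifetime values on the access-token-lifetime and refresh-token-lifetime lines carry no unit, so a reader cannot tell from this file whether `refresh-token-lifetime=3600` is an hour or a much longer window. A one-line comment above the pair naming the unit the consuming configuration class expects (for example `# token lifetimes in <UNIT: confirm against the security properties class>`) would make the new values reviewable without opening the Java side. The ratio of refresh to access lifetime is also worth stating in that comment, since it is the design choice this commit is actually making.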