More ideal settings of token lifetimes and usage of @Nullable in AuthController.

This commit is contained in:
Jesse Brault 2024-08-07 17:02:38 -05:00
parent 96deeca6a4
commit 17533e15ed
2 changed files with 16 additions and 10 deletions


@ -1,6 +1,7 @@
package app.mealsmadeeasy.api.auth;
import app.mealsmadeeasy.api.security.AuthToken;
import org.jetbrains.annotations.Nullable;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseCookie;
@ -11,7 +12,7 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping("/auth")
public final class AuthController {
private static ResponseCookie getRefreshTokenCookie(String token, long maxAge) {
private static ResponseCookie getRefreshTokenCookie(@Nullable String token, long maxAge) {
final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token")
.httpOnly(true)
.secure(true)
@ -57,18 +58,23 @@ public final class AuthController {
@PostMapping("/refresh")
public ResponseEntity<LoginView> refresh(
@CookieValue(value = "refresh-token") String oldRefreshToken
@CookieValue(value = "refresh-token", required = false) @Nullable String oldRefreshToken
) {
try {
final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken);
return this.getLoginViewResponseEntity(loginDetails);
} catch (LoginException loginException) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
if (oldRefreshToken != null) {
try {
final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken);
return this.getLoginViewResponseEntity(loginDetails);
} catch (LoginException loginException) {
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
}
}
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
}
@PostMapping("/logout")
public ResponseEntity<?> logout(@CookieValue(value = "refresh-token", required = false) String refreshToken) {
public ResponseEntity<?> logout(
@CookieValue(value = "refresh-token", required = false) @Nullable String refreshToken
) {
if (refreshToken != null) {
this.authService.logout(refreshToken);
}
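Review bot: The catch block in refresh() still drops the LoginException without a trace, so a refresh attempt with a revoked or tampered token is indistinguishable from a missing cookie in the logs, and the 401 response leaves the rejected cookie on the client to be resent on every call. Log the rejection (message and exception, never the token value) and attach a cleared refresh-token cookie to the 401 — the helper made nullable in this commit, `getRefreshTokenCookie(@Nullable String token, long maxAge)`, looks intended for exactly that case, though its body continues outside the hunk, so confirm it emits a zero-max-age cookie for null. The null branch and the catch also build the identical 401 response; a guard clause `if (oldRefreshToken == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); }` placed before the try removes the extra nesting and the duplicated line. logout() continues past the end of the hunk.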


@ -5,8 +5,8 @@ spring.datasource.username=meals-made-easy-api-user
spring.datasource.password=devpass
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
app.mealsmadeeasy.api.baseUrl=http://localhost:8080
app.mealsmadeeasy.api.security.access-token-lifetime=10
app.mealsmadeeasy.api.security.refresh-token-lifetime=120
app.mealsmadeeasy.api.security.access-token-lifetime=60
app.mealsmadeeasy.api.security.refresh-token-lifetime=3600
app.mealsmadeeasy.api.minio.endpoint=http://localhost:9000
app.mealsmadeeasy.api.minio.accessKey=minio-root
app.mealsmadeeasy.api.minio.secretKey=test0123
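Review bot: The two new lifetime values carry no unit, so a reader cannot tell whether the access token now lives 60 seconds or 60 minutes, and the commit message only calls the settings "more ideal"; add a comment above them naming the unit the binding code applies, e.g. `# token lifetimes in <UNIT — match the property-binding class>`. Because the refresh lifetime bounds how long a stolen refresh-token cookie stays usable, a one-line note on why 3600 was chosen would help the next person who tunes it. This file appears to be a local-development profile (localhost endpoints and placeholder credentials in the context lines); if the same file also feeds other profiles, the lifetimes should be overridable per environment rather than fixed here.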