Working on refresh auth flow.

2024-08-06 21:54:53 -05:00 · 2024-08-06 21:54:53 -05:00 · e2765c4a96
commit e2765c4a96
parent 6a104f7f1a
10 changed files with 41 additions and 10 deletions
--- a/src/main/java/app/mealsmadeeasy/api/MvcConfiguration.java
+++ b/src/main/java/app/mealsmadeeasy/api/MvcConfiguration.java
@ -14,7 +14,9 @@ public class MvcConfiguration {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
-                registry.addMapping("/**").allowedOrigins("http://localhost:5173");
+                registry.addMapping("/**")
                        .allowedOrigins("http://localhost:5173")
                        .allowCredentials(true);
            }
        };
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
@ -15,6 +15,7 @@ public final class AuthController {
        final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token")
                .httpOnly(true)
                .secure(true)
                .sameSite("Lax")
                .maxAge(maxAge);
        if (token != null) {
            b.value(token);
@ -35,7 +36,9 @@ public final class AuthController {
                refreshToken.getLifetime()
        );
        final var loginView = new LoginView(
-                loginDetails.getUsername(), loginDetails.getAccessToken().getToken()
+                loginDetails.getUsername(),
                loginDetails.getAccessToken().getToken(),
                loginDetails.getAccessToken().getExpires()
        );
        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, refreshCookie.toString())
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthServiceImpl.java
@ -73,7 +73,7 @@ public final class AuthServiceImpl implements AuthService {
            if (old.isRevoked()) {
                throw new LoginException("RefreshToken is revoked.");
            }
-            if (old.getExpiration().isBefore(LocalDateTime.now())) {
+            if (old.getExpires().isBefore(LocalDateTime.now())) {
                throw new LoginException("RefreshToken is expired.");
            }
            final UserEntity principal = old.getOwner();
--- a/src/main/java/app/mealsmadeeasy/api/auth/LoginView.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/LoginView.java
@ -1,13 +1,17 @@
 package app.mealsmadeeasy.api.auth;
 import java.time.LocalDateTime;
 public final class LoginView {
    private final String username;
    private final String accessToken;
    private final LocalDateTime expires;
-    public LoginView(String username, String accessToken) {
+    public LoginView(String username, String accessToken, LocalDateTime expires) {
        this.username = username;
        this.accessToken = accessToken;
        this.expires = expires;
    }
    public String getUsername() {
@ -18,4 +22,8 @@ public final class LoginView {
        return this.accessToken;
    }
    public LocalDateTime getExpires() {
        return this.expires;
    }
 }
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshToken.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshToken.java
@ -6,6 +6,5 @@ import java.time.LocalDateTime;
 public interface RefreshToken extends AuthToken {
    LocalDateTime getIssued();
    LocalDateTime getExpiration();
    boolean isRevoked();
 }
--- a/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenEntity.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/RefreshTokenEntity.java
@ -45,7 +45,7 @@ public class RefreshTokenEntity implements RefreshToken {
    }
    @Override
-    public LocalDateTime getExpiration() {
+    public LocalDateTime getExpires() {
        return this.expiration;
    }
--- a/src/main/java/app/mealsmadeeasy/api/jwt/JwtServiceImpl.java
+++ b/src/main/java/app/mealsmadeeasy/api/jwt/JwtServiceImpl.java
@ -11,6 +11,8 @@ import org.springframework.stereotype.Service;
 import javax.crypto.SecretKey;
 import java.time.Instant;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.util.Date;
 import java.util.Map;
@ -33,14 +35,19 @@ public final class JwtServiceImpl implements JwtService {
    @Override
    public AuthToken generateAccessToken(String username) {
        final Instant now = Instant.now();
        final Instant expires = Instant.from(now.plusSeconds(accessTokenLifetime));
        final String token = Jwts.builder()
                .subject(username)
                .issuedAt(Date.from(now))
-                .expiration(Date.from(now.plusSeconds(this.accessTokenLifetime)))
+                .expiration(Date.from(expires))
                .signWith(this.secretKey)
                .json(this.serializer)
                .compact();
-        return new SimpleAuthToken(token, this.accessTokenLifetime);
+        return new SimpleAuthToken(
                token,
                this.accessTokenLifetime,
                LocalDateTime.ofInstant(expires, ZoneId.systemDefault())
        );
    }
    @Override
--- a/src/main/java/app/mealsmadeeasy/api/security/AuthToken.java
+++ b/src/main/java/app/mealsmadeeasy/api/security/AuthToken.java
@ -1,6 +1,9 @@
 package app.mealsmadeeasy.api.security;
 import java.time.LocalDateTime;
 public interface AuthToken {
    String getToken();
    long getLifetime();
    LocalDateTime getExpires();
 }
--- a/src/main/java/app/mealsmadeeasy/api/security/SimpleAuthToken.java
+++ b/src/main/java/app/mealsmadeeasy/api/security/SimpleAuthToken.java
@ -1,13 +1,17 @@
 package app.mealsmadeeasy.api.security;
 import java.time.LocalDateTime;
 public final class SimpleAuthToken implements AuthToken {
    private final String token;
    private final long lifetime;
    private LocalDateTime expires;
-    public SimpleAuthToken(String token, long lifetime) {
+    public SimpleAuthToken(String token, long lifetime, LocalDateTime expires) {
        this.token = token;
        this.lifetime = lifetime;
        this.expires = expires;
    }
    @Override
@ -20,4 +24,9 @@ public final class SimpleAuthToken implements AuthToken {
        return this.lifetime;
    }
    @Override
    public LocalDateTime getExpires() {
        return this.expires;
    }
 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -5,7 +5,7 @@ spring.datasource.username=meals-made-easy-api-user
 spring.datasource.password=devpass
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 app.mealsmadeeasy.api.baseUrl=http://localhost:8080
-app.mealsmadeeasy.api.security.access-token-lifetime=60
+app.mealsmadeeasy.api.security.access-token-lifetime=10
 app.mealsmadeeasy.api.security.refresh-token-lifetime=120
 app.mealsmadeeasy.api.minio.endpoint=http://localhost:9000
 app.mealsmadeeasy.api.minio.accessKey=minio-root