Add refresh token support with /api/auth/refresh endpoint

- RefreshToken entity added with 1-token-per-user logic.
- JWT can be renewed without full login using refresh token.
K
2025-07-03 03:15:31 +05:30
parent 178a32f908
commit 2379d95759
6 changed files with 138 additions and 0 deletions
@@ -0,0 +1,42 @@
package com.skycrate.backend.skycrateBackend.services;
import com.skycrate.backend.skycrateBackend.entity.RefreshToken;
import com.skycrate.backend.skycrateBackend.entity.User;
import com.skycrate.backend.skycrateBackend.repository.RefreshTokenRepository;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.time.Instant;
import java.util.Optional;
import java.util.UUID;
@Service
public class RefreshTokenService {
private final RefreshTokenRepository refreshTokenRepo;
@Value("${security.jwt.refresh-expiry-ms:604800000}") // 7 days default
private Long refreshTokenDurationMs;
public RefreshTokenService(RefreshTokenRepository refreshTokenRepo) {
this.refreshTokenRepo = refreshTokenRepo;
}
public RefreshToken createRefreshToken(User user) {
refreshTokenRepo.deleteByUser(user); // Allow only 1 active token per user
RefreshToken token = new RefreshToken();
token.setUser(user);
token.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
token.setToken(UUID.randomUUID().toString());
return refreshTokenRepo.save(token);
}
public Optional<RefreshToken> findByToken(String token) {
return refreshTokenRepo.findByToken(token);
}
public boolean isExpired(RefreshToken token) {
return token.getExpiryDate().isBefore(Instant.now());
}
}
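Review bot: `createRefreshToken` persists the bearer value itself (`token.setToken(UUID.randomUUID().toString())` followed by `save`), and `findByToken` looks rows up by that raw value, so anyone who can read the table or a backup of it holds usable refresh tokens for the full lifetime (7 days by default). Consider storing only a SHA-256 digest of the token, handing the raw value to the caller once at creation, and having `findByToken` hash its argument before the repository lookup. Separately, `deleteByUser` and `save` run with no `@Transactional` visible on the method or class; the repository is not shown in this section, but a derived delete normally needs an active transaction and the two steps should commit together, so `@Transactional` on `createRefreshToken` looks needed. `isExpired` only reports expiry, so whether an expired row is removed and the token rotated on each refresh depends on the controller, which is outside this section.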