Add full refresh token and access token function

Signed-off-by: Asai Neko <sugar@sne.moe>
2025-12-25 16:13:05 +08:00
parent 32a27d974a
commit 3a86d387bd
13 changed files with 274 additions and 195 deletions
--- a/service/auth/handler.go
+++ b/service/auth/handler.go
@@ -5,4 +5,5 @@ import "github.com/gin-gonic/gin"
 func Handler(r *gin.RouterGroup) {
 	r.POST("/magic", RequestMagicLink)
 	r.GET("/magic/verify", VerifyMagicLink)
+	r.POST("/refresh", Refresh)
 }
--- a/service/auth/magic.go
+++ b/service/auth/magic.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"net/http"
 	"nixcn-cms/data"
-	"nixcn-cms/internal/crypto/jwt"
+	"nixcn-cms/internal/cryptography"
 	"nixcn-cms/pkgs/email"
 	"nixcn-cms/pkgs/magiclink"
 	"nixcn-cms/pkgs/turnstile"
@@ -61,14 +61,14 @@ func RequestMagicLink(c *gin.Context) {

 func VerifyMagicLink(c *gin.Context) {
 	// Get token from url
-	token := c.Query("token")
-	if token == "" {
+	magicToken := c.Query("token")
+	if magicToken == "" {
 		c.JSON(400, gin.H{"error": "missing token"})
 		return
 	}

 	// Verify email token
-	email, ok := magiclink.VerifyMagicToken(token)
+	email, ok := magiclink.VerifyMagicToken(magicToken)
 	if !ok {
 		c.JSON(401, gin.H{"error": "invalid or expired token"})
 		return
@@ -80,10 +80,19 @@ func VerifyMagicLink(c *gin.Context) {
 	if err != nil {
 		c.JSON(http.StatusUnauthorized, gin.H{"status": "user not found"})
 	}
-	jwtToken, _ := jwt.GenerateToken(userInfo.UserId, "application")
+	JwtTool := cryptography.Token{
+		UserID:      userInfo.UserId,
+		Application: viper.GetString("server.application"),
+	}
+	accessToken, refreshToken, err := JwtTool.IssueTokens()
+	if err != nil {
+		c.JSON(500, gin.H{
+			"status": "error generating tokens",
+		})
+	}

 	c.JSON(200, gin.H{
-		"jwt_token": jwtToken,
-		"email":     email,
+		"access_token":  accessToken,
+		"refresh_token": refreshToken,
 	})
 }
--- a/service/auth/refresh.go
+++ b/service/auth/refresh.go
@@ -0,0 +1,34 @@
+package auth
+
+import (
+	"net/http"
+	"nixcn-cms/internal/cryptography"
+
+	"github.com/gin-gonic/gin"
+	"github.com/spf13/viper"
+)
+
+func Refresh(c *gin.Context) {
+	var req struct {
+		RefreshToken string `json:"refresh_token"`
+	}
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request"})
+		return
+	}
+
+	JwtTool := cryptography.Token{
+		Application: viper.GetString("server.application"),
+	}
+
+	access, err := JwtTool.RefreshAccessToken(req.RefreshToken)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid refresh token"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"access_token": access,
+	})
+}
--- a/service/checkin/handler.go
+++ b/service/checkin/handler.go
@@ -1,12 +1,12 @@
 package checkin

 import (
-	"nixcn-cms/internal/crypto/jwt"
+	"nixcn-cms/middleware"

 	"github.com/gin-gonic/gin"
 )

 func Handler(r *gin.RouterGroup) {
-	r.Use(jwt.JWTAuth())
+	r.Use(middleware.JWTAuth())
 	r.POST("", Checkin)
 }
--- a/service/user/handler.go
+++ b/service/user/handler.go
@@ -1,12 +1,12 @@
 package user

 import (
-	"nixcn-cms/internal/crypto/jwt"
+	"nixcn-cms/middleware"

 	"github.com/gin-gonic/gin"
 )

 func Handler(r *gin.RouterGroup) {
-	r.Use(jwt.JWTAuth())
+	r.Use(middleware.JWTAuth())
 	r.GET("/info", UserInfo)
 }