From b6003544c81bc17a0b8393a008ad43d805853018 Mon Sep 17 00:00:00 2001 From: Asai Neko Date: Sat, 27 Dec 2025 23:59:20 +0800 Subject: [PATCH] Add renew refresh token Signed-off-by: Asai Neko
---
 internal/cryptography/token.go | 39 ++++++++++++++++++++++++++++++++++ service/auth/refresh.go | 13 +++++++++++- 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/internal/cryptography/token.go b/internal/cryptography/token.go
index 167cd8d..364075b 100644
--- a/internal/cryptography/token.go
+++ b/internal/cryptography/token.go
@@ -128,6 +128,45 @@ func (self *Token) RefreshAccessToken(refreshToken string) (string, error) {
 return self.GenerateAccessToken()
 }
 
+func (self *Token) RenewRefreshToken(refreshToken string) (string, error) {
+ err := self.RevokeRefreshToken(refreshToken)
+ if err != nil {
+ return "", err
+ }
+
+ refresh, err := self.GenerateRefreshToken()
+
+ // Store to redis
+ ctx := context.Background()
+ ttl := viper.GetDuration("ttl.refresh_ttl")
+
+ // refresh -> user
+ if err := data.Redis.Set(
+ ctx,
+ "refresh:"+refresh,
+ self.UserID.String(),
+ ttl,
+ ).Err(); err != nil {
+ return "", err
+ }
+
+ // user -> refresh tokens
+ userSetKey := "user:" + self.UserID.String() + ":refresh_tokens"
+
+ if err := data.Redis.SAdd(
+ ctx,
+ userSetKey,
+ refresh,
+ ).Err(); err != nil {
+ return "", err
+ }
+
+ // set user ttl >= all refresh token
+ _ = data.Redis.Expire(ctx, userSetKey, ttl).Err()
+
+ return refresh, nil
+}
+
 func (self *Token) RevokeRefreshToken(refreshToken string) error {
 ctx := context.Background()
 
diff --git a/service/auth/refresh.go b/service/auth/refresh.go
index b9d9402..0aa7dde 100644
--- a/service/auth/refresh.go
+++ b/service/auth/refresh.go
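Review bot: The error returned by `self.GenerateRefreshToken()` in RenewRefreshToken is never checked, because the next statement, `if err := data.Redis.Set(...)`, declares a fresh `err` that shadows it. If generation fails, `refresh` is presumably empty, and the function would still write the key `refresh:` mapped to this user's ID and add an empty member to the user's set. Add `if err != nil { return "", err }` directly after the call. The old token is also revoked before the replacement is stored, so a Redis failure between the two steps leaves the caller with no valid refresh token; storing the new token first, or doing both in one transaction, would avoid that. The `_ = data.Redis.Expire(...)` line discards its error without saying why, and a newly created set whose `Expire` fails would apparently keep no TTL, so the failure should at least be logged.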
@@ -27,7 +27,18 @@ func Refresh(c *gin.Context) {
 return
 }
 
+ err = JwtTool.RevokeRefreshToken(req.RefreshToken)
+ if err != nil {
+ c.JSON(500, gin.H{"status": "cannot revoke refresh token"})
+ }
+
+ refresh, err := JwtTool.GenerateRefreshToken()
+ if err != nil {
+ c.JSON(401, gin.H{"status": "cannot generate new refresh token"})
+ }
+
 c.JSON(200, gin.H{
- "access_token": access,
+ "access_token": access,
+ "refresh_token": refresh,
 })
 }
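Review bot: Both new error branches in Refresh write a response with `c.JSON(...)` but have no `return`, so the handler falls through to the final `c.JSON(200, ...)`. When `RevokeRefreshToken` fails, the old refresh token stays valid while a new one is still generated and sent along with the access token, which defeats the rotation this commit adds; add `return` after `c.JSON(500, ...)` and after `c.JSON(401, ...)`. A failure to generate a token is a server-side fault, so `500` fits better than `401` there. The handler also calls `RevokeRefreshToken` and `GenerateRefreshToken` directly instead of the `RenewRefreshToken` method added in the same commit. Whether `GenerateRefreshToken` persists the token itself is not visible in the diff, so it is worth confirming that the returned token is stored exactly once. The start of Refresh lies outside the hunk.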