From 7fa7e87e88b9c9e34c93cbe9b9098d2937b67909 Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Wed, 11 Jun 2025 18:47:59 +0200
Subject: [PATCH] feat: token sign with meta data
---
 internal/auth/routes.go | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/internal/auth/routes.go b/internal/auth/routes.go
index 7ac89e9..054b8ae 100644
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@@ -11,6 +11,7 @@ import (
 "gitea.local/admin/hspguard/internal/util"
 "github.com/go-chi/chi/v5"
 "github.com/golang-jwt/jwt/v5"
+ "github.com/google/uuid"
 )
 
 type AuthHandler struct {
@@ -19,7 +20,24 @@ type AuthHandler struct {
 cfg *config.AppConfig
 }
 
-func (h *AuthHandler) signTokens(user *repository.User) (string, string, error) {
+type SignedToken struct {
+ Token string
+ ExpiresAt time.Time
+ ID uuid.UUID
+}
+
+func NewSignedToken(token string, expiresAt time.Time, jti uuid.UUID) *SignedToken {
+ return &SignedToken{
+ Token: token,
+ ExpiresAt: expiresAt,
+ ID: jti,
+ }
+}
+
+func (h *AuthHandler) signTokens(user *repository.User) (*SignedToken, *SignedToken, error) {
+ accessExpiresAt := time.Now().Add(15 * time.Minute)
+ accessJTI := uuid.New()
+
 accessClaims := types.UserClaims{
 UserEmail: user.Email,
 IsAdmin: user.IsAdmin,
@@ -27,15 +45,19 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 Issuer: h.cfg.Uri,
 Subject: user.ID.String(),
 IssuedAt: jwt.NewNumericDate(time.Now()),
- ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
+ ExpiresAt: jwt.NewNumericDate(accessExpiresAt),
+ ID: accessJTI.String(),
 },
 }
 
 accessToken, err := util.SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
 if err != nil {
- return "", "", err
+ return nil, nil, err
 }
 
+ refreshExpiresAt := time.Now().Add(30 * 24 * time.Hour)
+ refreshJTI := uuid.New()
+
 refreshClaims := types.UserClaims{
 UserEmail: user.Email,
 IsAdmin: user.IsAdmin,
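Review bot: `accessJTI := uuid.New()` at the top of signTokens panics if the random source fails, even though the function already has an error return; the same call appears as `refreshJTI := uuid.New()` in the third hunk. Prefer `accessJTI, err := uuid.NewRandom()` followed by `if err != nil { return nil, nil, err }`, so a failed jti generation is reported the same way as a failed signature. The exported `SignedToken` and `NewSignedToken` also have no doc comments; something like `// SignedToken pairs a signed JWT with the expiry and jti written into its claims.` would tell callers that ID is the token's jti. signTokens continues past the end of this hunk.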
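Review bot: `IssuedAt: jwt.NewNumericDate(time.Now())` still reads the clock separately from `accessExpiresAt`, so iat and exp come from different instants and the 15-minute lifetime is only approximate; the refresh claims in the fourth hunk do the same. Taking `now := time.Now()` once and using `accessExpiresAt := now.Add(15 * time.Minute)` and `IssuedAt: jwt.NewNumericDate(now)` keeps the two consistent. If NumericDate drops sub-second precision, as I believe it does, the `ExpiresAt` returned in SignedToken will not exactly equal the token's exp, which matters if callers store one and compare it against the other. signTokens starts in the previous hunk and ends after this one.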
@@ -43,16 +65,17 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 Issuer: h.cfg.Uri,
 Subject: user.ID.String(),
 IssuedAt: jwt.NewNumericDate(time.Now()),
- ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
+ ExpiresAt: jwt.NewNumericDate(refreshExpiresAt),
+ ID: refreshJTI.String(),
 },
 }
 
 refreshToken, err := util.SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
 if err != nil {
- return "", "", err
+ return nil, nil, err
 }
 
- return accessToken, refreshToken, nil
+ return NewSignedToken(accessToken, accessExpiresAt, accessJTI), NewSignedToken(refreshToken, refreshExpiresAt, refreshJTI), nil
 }
 
 func NewAuthHandler(repo *repository.Queries, cache *cache.Client, cfg *config.AppConfig) *AuthHandler {
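Review bot: The refresh claims still have the same `types.UserClaims` shape as the access claims (email, IsAdmin, issuer, subject) and are signed with the same `h.cfg.Jwt.PrivateKey`, and the new `ID` field does not say which kind of token it is. Unless the verification code, which is not in this diff, looks the jti up or otherwise tells the two apart, a 30-day refresh token would validate anywhere an access token is accepted. Consider a distinct audience or a token-type claim on each, for example `Audience: jwt.ClaimStrings{"refresh"}` on the refresh claims, and reject the wrong kind at verification. Dropping `IsAdmin` from the refresh token would also avoid carrying a privilege flag that can be 30 days stale. The refresh claims literal opens in the previous hunk.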