feat: generate refresh token

internal/auth/routes.go

@@ -86,30 +86,55 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	claims := types.UserClaims{
+	accessClaims := types.UserClaims{
-		UserID: user.ID.String(),
+		UserEmail: user.Email,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Issuer:    "hspguard",
-			Subject:   user.Email,
+			Subject:   user.ID.String(),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour)),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
 		},
 	}
 
-	token, err := SignJwtToken(claims)
+	accessToken, err := SignJwtToken(accessClaims)
 	if err != nil {
 		web.Error(w, fmt.Sprintf("failed to generate access token: %v", err), http.StatusBadRequest)
 		return
 	}
 
+	refreshClaims := types.UserClaims{
+		UserEmail: user.Email,
+		RegisteredClaims: jwt.RegisteredClaims{
+			Issuer:    "hspguard",
+			Subject:   user.ID.String(),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
+		},
+	}
+
+	refreshToken, err := SignJwtToken(refreshClaims)
+	if err != nil {
+		web.Error(w, fmt.Sprintf("failed to generate refresh token: %v", err), http.StatusBadRequest)
+		return
+	}
+
 	encoder := json.NewEncoder(w)
 
 	type Response struct {
-		Token string `json:"token"`
+		AccessToken  string `json:"access"`
+		RefreshToken string `json:"refresh"`
+		// fields required for UI in account selector, e.g. email, full name and avatar
+		FullName string `json:"full_name"`
+		Email    string `json:"email"`
+		// Avatar
 	}
 
 	if err := encoder.Encode(Response{
-		Token: token,
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		FullName:     user.FullName,
+		Email:        user.Email,
+		// Avatar
 	}); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
 	}