authornsfisis <nsfisis@gmail.com>2025-12-03 05:45:41 +0900
committernsfisis <nsfisis@gmail.com>2025-12-04 23:26:30 +0900
commit0763153865e2157e0d06c946993dd8b235b06c83 (patch)
tree8da68ed2e9c16bf121d59eae02e19b99f7f11fdc /pkgs/server/src/routes/auth.test.ts
parentf44390286378860b535e37ad045cb374a07aff5c (diff)
feat(auth): add refresh token endpoint
Implement refresh token functionality for authentication:

- Add refresh_tokens table to database schema with user reference
- Generate migration for the new table
- Login endpoint now returns both access token and refresh token
- Add POST /api/auth/refresh endpoint with token rotation
- Refresh tokens are hashed (SHA256) before storage for security
- Refresh tokens expire after 7 days, access tokens after 15 minutes
- Update tests to cover new functionality

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Diffstat (limited to 'pkgs/server/src/routes/auth.test.ts')
-rw-r--r--pkgs/server/src/routes/auth.test.ts15
1 files changed, 15 insertions, 0 deletions
diff --git a/pkgs/server/src/routes/auth.test.ts b/pkgs/server/src/routes/auth.test.ts
index 1dfba46..28bd558 100644
--- a/pkgs/server/src/routes/auth.test.ts
+++ b/pkgs/server/src/routes/auth.test.ts
@@ -43,6 +43,13 @@ vi.mock("../db", () => {
username: "username",
createdAt: "created_at",
},
+ refreshTokens: {
+ id: "id",
+ userId: "user_id",
+ tokenHash: "token_hash",
+ expiresAt: "expires_at",
+ createdAt: "created_at",
+ },
};
});
@@ -67,6 +74,7 @@ interface RegisterResponse {
interface LoginResponse {
accessToken?: string;
+ refreshToken?: string;
user?: {
id: string;
username: string;
@@ -188,6 +196,11 @@ describe("POST /login", () => {
}),
} as unknown as ReturnType<typeof db.select>);
+ // Mock the insert call for refresh token
+ vi.mocked(db.insert).mockReturnValueOnce({
+ values: vi.fn().mockResolvedValue(undefined),
+ } as unknown as ReturnType<typeof db.insert>);
+
const res = await app.request("/api/auth/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
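Review bot: The `values` mock passed to `db.insert` is created inline and never asserted on, so this test would still pass if the login handler stored the raw refresh token rather than its hash, or omitted the expiry. The commit description states that tokens are hashed before storage, and this hunk is the place where that property can be pinned. Keep a handle on the mock with `const insertValues = vi.fn().mockResolvedValue(undefined);`, pass it as `values: insertValues`, and after the response is parsed assert `expect(insertValues.mock.calls[0][0].tokenHash).not.toBe(body.refreshToken);`. The `tokenHash` key is taken from the mocked schema above and presumably matches what the handler passes; the enclosing test body starts and ends outside this hunk.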
@@ -201,6 +214,8 @@ describe("POST /login", () => {
const body = (await res.json()) as LoginResponse;
expect(body.accessToken).toBeDefined();
expect(typeof body.accessToken).toBe("string");
+ expect(body.refreshToken).toBeDefined();
+ expect(typeof body.refreshToken).toBe("string");
expect(body.user).toEqual({
id: "user-uuid-123",
username: "testuser",
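Review bot: The two added assertions accept any string for `refreshToken`, including an empty one or the same value as `accessToken`, so a handler that returned the access token in both fields would pass. Adding `expect(body.refreshToken).not.toBe(body.accessToken);` and `expect(body.refreshToken).not.toHaveLength(0);` keeps the two credentials distinguishable in the test. The failed-login cases are outside this hunk; if they do not already do so, they should assert that no `refreshToken` is returned and that `db.insert` was not called. No test for `POST /api/auth/refresh` (rotation, expired or reused token) is visible on this page, although the diffstat is limited to this one file and such tests may live elsewhere.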