From 0763153865e2157e0d06c946993dd8b235b06c83 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Wed, 3 Dec 2025 05:45:41 +0900
Subject: feat(auth): add refresh token endpoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implement refresh token functionality for authentication:
- Add refresh_tokens table to database schema with user reference
- Generate migration for the new table
- Login endpoint now returns both access token and refresh token
- Add POST /api/auth/refresh endpoint with token rotation
- Refresh tokens are hashed (SHA256) before storage for security
- Tokens expire after 7 days, access tokens after 15 minutes
- Update tests to cover new functionality

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 docs/dev/roadmap.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'docs')

diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md
index 33ec80b..17bac7d 100644
--- a/docs/dev/roadmap.md
+++ b/docs/dev/roadmap.md
@@ -29,7 +29,7 @@
 ### Authentication
 - [x] User registration endpoint
 - [x] Login endpoint (JWT)
-- [ ] Refresh token endpoint
+- [x] Refresh token endpoint
 - [ ] Auth middleware
 - [ ] Add tests
 
-- 
cgit v1.2.3-70-g09d2