From 0763153865e2157e0d06c946993dd8b235b06c83 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Wed, 3 Dec 2025 05:45:41 +0900 Subject: feat(auth): add refresh token endpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implement refresh token functionality for authentication: - Add refresh_tokens table to database schema with user reference - Generate migration for the new table - Login endpoint now returns both access token and refresh token - Add POST /api/auth/refresh endpoint with token rotation - Refresh tokens are hashed (SHA256) before storage for security - Tokens expire after 7 days, access tokens after 15 minutes - Update tests to cover new functionality 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude
---
 pkgs/server/src/db/schema.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'pkgs/server/src/db')
diff --git a/pkgs/server/src/db/schema.ts b/pkgs/server/src/db/schema.ts
index 23f19d1..4b9631f 100644
--- a/pkgs/server/src/db/schema.ts
+++ b/pkgs/server/src/db/schema.ts
@@ -37,6 +37,18 @@ export const users = pgTable("users", {
 .defaultNow(),
 });
 
+export const refreshTokens = pgTable("refresh_tokens", {
+ id: uuid("id").primaryKey().defaultRandom(),
+ userId: uuid("user_id")
+ .notNull()
+ .references(() => users.id, { onDelete: "cascade" }),
+ tokenHash: varchar("token_hash", { length: 255 }).notNull(),
+ expiresAt: timestamp("expires_at", { withTimezone: true }).notNull(),
+ createdAt: timestamp("created_at", { withTimezone: true })
+ .notNull()
+ .defaultNow(),
+});
+
 export const decks = pgTable("decks", {
 id: uuid("id").primaryKey().defaultRandom(),
 userId: uuid("user_id")
-- cgit v1.2.3-70-g09d2
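Review bot: `tokenHash` in the new `refreshTokens` table has no unique constraint or index, so a lookup by hash on refresh would scan the table and nothing at the schema level stops two rows sharing a hash; consider `tokenHash: varchar("token_hash", { length: 255 }).notNull().unique(),`. The table also has no revocation or rotation-lineage column (for example a nullable `revokedAt`). If rotation deletes the old row (the handler is not part of this diff), a replayed, already-rotated token looks the same as an unknown one, so reuse of a stolen token cannot be detected or used to revoke the user's other sessions. Unsalted SHA-256 is adequate only when the token is a long random value, which is worth stating in a comment above the table, e.g. `// token_hash = SHA-256 of a high-entropy random token; never store the raw token`.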