How to enable refresh token?

[rngallen]

How can I have refresh token when user authenticated?

[TomasVaras]

im trying to implement just that, this middleware only checks for the token on the header so I don't think you could implement a refresh token strategy with this middleware.

So lets say you have a jwt token that lasts for 30 min and you have a refresh token for 24 hours, you could do something like this.

func Protected() fiber.Handler {

    return func(c *fiber.Ctx) error {

        token := c.Cookies("token")

        err := utilities.JwtChecker(token)

        if err != nil {

            refreshToken := c.Cookies("refresh_token")

            if refreshToken == "" {
                return c.SendStatus(fiber.StatusUnauthorized)
            }

            refreshClaims := new(utilities.Claims)

            err := utilities.JwtDecoder(refreshToken, refreshClaims)

            if err != nil {
                return c.SendStatus(fiber.StatusUnauthorized)
            }

            //go find the user by userid

            var user db.UserSchema

            // if the user does not exist wich its going to be
            // strange if it reaches this point, just send and internal status error

            if err := db.GetUserById(refreshClaims.UserId, &user); err != nil {
                return c.SendStatus(fiber.StatusInternalServerError)
            }

            // generate new claims

            claims := jwt.MapClaims{
                "name":    user.Name,
                "email":   user.Email,
                "userId":  user.UserId,
                "project": user.Project,
                "exp":     time.Now().Add(time.Minute * 30).Unix(),
            }

            // create and sign the token

            token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

            signinKey := []byte(os.Getenv("JWT_KEY"))

            t, tokenErr := token.SignedString(signinKey)

            if tokenErr != nil {
                return c.SendStatus(fiber.StatusInternalServerError)
            }

            c.Cookie(&fiber.Cookie{
                Name:     "token",
                Value:    t,
                HTTPOnly: true,
                Expires:  time.Now().Add(time.Minute * 30),
            })

            return c.Next()

        }

        return c.Next()

    }
}

also you could replace the refresh token if its close to expiring

func RefreshTokenUpdate() fiber.Handler {

    return func(c *fiber.Ctx) error {

        refreshToken := c.Cookies("refresh_token")

        if refreshToken == "" {
            return c.SendStatus(fiber.StatusUnauthorized)
        }

        refreshClaims := new(utilities.Claims)

        err := utilities.JwtDecoder(refreshToken, refreshClaims)

        if err != nil {
            return c.SendStatus(fiber.StatusUnauthorized)
        }

        expTime := time.Unix(refreshClaims.ExpiresAt.Unix(), 0)

        diff := expTime.Sub(time.Now())

        // fmt.Printf("Token expires in %.2f hours\n", diff.Hours())

        if diff <= 5*time.Hour {
            // create new refresh token

            refreshClaims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Hour * 24))

            newRefreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims)

            signinKey := []byte(os.Getenv("JWT_KEY"))

            rt, rTokenErr := newRefreshToken.SignedString(signinKey)

            if rTokenErr != nil {
                return c.SendStatus(fiber.StatusInternalServerError)
            }

            c.Cookie(&fiber.Cookie{
                Name:     "refresh_token",
                Value:    rt,
                Expires:  time.Now().Add(24 * time.Hour),
                HTTPOnly: true,
            })
        }

        return c.Next()

    }

}