Merge pull request #145 from ChayanDass/refresh-token

Refresh token functionality for password login

Tested-by: [email protected]
Reviewed-by: [email protected]

Author: deo002

cmd/laas/docs/docs.go

@@ -844,12 +844,7 @@ const docTemplate = `{
                     "200": {
                         "description": "JWT token",
                         "schema": {
-                            "type": "object",
-                            "properties": {
-                                "token": {
-                                    "type": "string"
-                                }
-                            }
+                            "$ref": "#/definitions/models.TokenResonse"
                         }
                     },
                     "401": {
@@ -2045,6 +2040,47 @@ const docTemplate = `{
                 }
             }
         },
+        "/refresh-token": {
+            "post": {
+                "description": "verify refresh token and get new access token",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Users"
+                ],
+                "summary": "Verify refresh token",
+                "operationId": "RefreshToken",
+                "parameters": [
+                    {
+                        "description": "Refresh token payload",
+                        "name": "user",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.RefreshToken"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": " JWT token",
+                        "schema": {
+                            "$ref": "#/definitions/models.TokenResonse"
+                        }
+                    },
+                    "401": {
+                        "description": "Invalid or expired refresh token",
+                        "schema": {
+                            "$ref": "#/definitions/models.LicenseError"
+                        }
+                    }
+                }
+            }
+        },
         "/search": {
             "post": {
                 "security": [
@@ -3467,6 +3503,15 @@ const docTemplate = `{
                 }
             }
         },
+        "models.RefreshToken": {
+            "type": "object",
+            "properties": {
+                "refresh_token": {
+                    "type": "string",
+                    "example": "your_refresh_token_here"
+                }
+            }
+        },
         "models.RiskLicenseCount": {
             "type": "object",
             "properties": {
@@ -3573,6 +3618,35 @@ const docTemplate = `{
                 }
             }
         },
+        "models.TokenResonse": {
+            "type": "object",
+            "properties": {
+                "data": {
+                    "$ref": "#/definitions/models.Tokens"
+                },
+                "meta": {},
+                "status": {
+                    "type": "integer"
+                }
+            }
+        },
+        "models.Tokens": {
+            "type": "object",
+            "properties": {
+                "access_token": {
+                    "type": "string",
+                    "example": "your_access_token_here"
+                },
+                "expires_in": {
+                    "type": "integer",
+                    "example": 3600
+                },
+                "refresh_token": {
+                    "type": "string",
+                    "example": "your_refresh_token_here"
+                }
+            }
+        },
         "models.User": {
             "type": "object",
             "properties": {

cmd/laas/docs/swagger.json

@@ -837,12 +837,7 @@
                     "200": {
                         "description": "JWT token",
                         "schema": {
-                            "type": "object",
-                            "properties": {
-                                "token": {
-                                    "type": "string"
-                                }
-                            }
+                            "$ref": "#/definitions/models.TokenResonse"
                         }
                     },
                     "401": {
@@ -2038,6 +2033,47 @@
                 }
             }
         },
+        "/refresh-token": {
+            "post": {
+                "description": "verify refresh token and get new access token",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Users"
+                ],
+                "summary": "Verify refresh token",
+                "operationId": "RefreshToken",
+                "parameters": [
+                    {
+                        "description": "Refresh token payload",
+                        "name": "user",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.RefreshToken"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": " JWT token",
+                        "schema": {
+                            "$ref": "#/definitions/models.TokenResonse"
+                        }
+                    },
+                    "401": {
+                        "description": "Invalid or expired refresh token",
+                        "schema": {
+                            "$ref": "#/definitions/models.LicenseError"
+                        }
+                    }
+                }
+            }
+        },
         "/search": {
             "post": {
                 "security": [
@@ -3460,6 +3496,15 @@
                 }
             }
         },
+        "models.RefreshToken": {
+            "type": "object",
+            "properties": {
+                "refresh_token": {
+                    "type": "string",
+                    "example": "your_refresh_token_here"
+                }
+            }
+        },
         "models.RiskLicenseCount": {
             "type": "object",
             "properties": {
@@ -3566,6 +3611,35 @@
                 }
             }
         },
+        "models.TokenResonse": {
+            "type": "object",
+            "properties": {
+                "data": {
+                    "$ref": "#/definitions/models.Tokens"
+                },
+                "meta": {},
+                "status": {
+                    "type": "integer"
+                }
+            }
+        },
+        "models.Tokens": {
+            "type": "object",
+            "properties": {
+                "access_token": {
+                    "type": "string",
+                    "example": "your_access_token_here"
+                },
+                "expires_in": {
+                    "type": "integer",
+                    "example": 3600
+                },
+                "refresh_token": {
+                    "type": "string",
+                    "example": "your_refresh_token_here"
+                }
+            }
+        },
         "models.User": {
             "type": "object",
             "properties": {

cmd/laas/docs/swagger.yaml

@@ -694,6 +694,12 @@ definitions:
       user_password:
         type: string
     type: object
+  models.RefreshToken:
+    properties:
+      refresh_token:
+        example: your_refresh_token_here
+        type: string
+    type: object
   models.RiskLicenseCount:
     properties:
       count:
@@ -767,6 +773,26 @@ definitions:
         example: 200
         type: integer
     type: object
+  models.TokenResonse:
+    properties:
+      data:
+        $ref: '#/definitions/models.Tokens'
+      meta: {}
+      status:
+        type: integer
+    type: object
+  models.Tokens:
+    properties:
+      access_token:
+        example: your_access_token_here
+        type: string
+      expires_in:
+        example: 3600
+        type: integer
+      refresh_token:
+        example: your_refresh_token_here
+        type: string
+    type: object
   models.User:
     properties:
       display_name:
@@ -1400,10 +1426,7 @@ paths:
         "200":
           description: JWT token
           schema:
-            properties:
-              token:
-                type: string
-            type: object
+            $ref: '#/definitions/models.TokenResonse'
         "401":
           description: Incorrect username or password
           schema:
@@ -2177,6 +2200,33 @@ paths:
       summary: Adds a new oidc client
       tags:
       - OIDC Clients
+  /refresh-token:
+    post:
+      consumes:
+      - application/json
+      description: verify refresh token and get new access token
+      operationId: RefreshToken
+      parameters:
+      - description: Refresh token payload
+        in: body
+        name: user
+        required: true
+        schema:
+          $ref: '#/definitions/models.RefreshToken'
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: ' JWT token'
+          schema:
+            $ref: '#/definitions/models.TokenResonse'
+        "401":
+          description: Invalid or expired refresh token
+          schema:
+            $ref: '#/definitions/models.LicenseError'
+      summary: Verify refresh token
+      tags:
+      - Users
   /search:
     post:
       consumes:

cmd/laas/main.go

@@ -2,6 +2,7 @@
 // SPDX-FileCopyrightText: 2023 Siemens AG
 // SPDX-FileContributor: Gaurav Mishra <[email protected]>
 // SPDX-FileContributor: Dearsh Oberoi <[email protected]>
+// SPDX-FileContributor: 2025 Chayan Das <[email protected]>
 //
 // SPDX-License-Identifier: GPL-2.0-only
 
@@ -16,12 +17,14 @@ import (
 	"github.com/joho/godotenv"
 	"github.com/lestrrat-go/httprc/v3"
 	"github.com/lestrrat-go/jwx/v3/jwk"
+	"go.uber.org/zap"
 
 	_ "github.com/dave/jennifer/jen"
 	_ "github.com/fossology/LicenseDb/cmd/laas/docs"
 	"github.com/fossology/LicenseDb/pkg/api"
 	"github.com/fossology/LicenseDb/pkg/auth"
 	"github.com/fossology/LicenseDb/pkg/db"
+	logger "github.com/fossology/LicenseDb/pkg/log"
 	"github.com/fossology/LicenseDb/pkg/utils"
 	"github.com/fossology/LicenseDb/pkg/validations"
 )
@@ -42,18 +45,19 @@ func main() {
 
 	flag.Parse()
 
-	if os.Getenv("TOKEN_HOUR_LIFESPAN") == "" || os.Getenv("API_SECRET") == "" || os.Getenv("DEFAULT_ISSUER") == "" {
-		log.Fatal("Mandatory environment variables not configured")
+	if os.Getenv("TOKEN_HOUR_LIFESPAN") == "" || os.Getenv("API_SECRET") == "" || os.Getenv("DEFAULT_ISSUER") == "" ||
+		os.Getenv("REFRESH_TOKEN_HOUR_LIFESPAN") == "" || os.Getenv("REFRESH_TOKEN_SECRET") == "" {
+		logger.LogFatal("Mandatory environment variables not configured")
 	}
 
 	if os.Getenv("JWKS_URI") != "" {
 		cache, err := jwk.NewCache(context.Background(), httprc.NewClient())
 		if err != nil {
-			log.Fatalf("Failed to create a jwk.Cache from the oidc provider's URL: %s", err)
+			logger.LogFatal("Failed to create a jwk.Cache from the oidc provider's URL:", zap.Error(err))
 		}
 
 		if err := cache.Register(context.Background(), os.Getenv("JWKS_URI")); err != nil {
-			log.Fatalf("Failed to create a jwk.Cache from the oidc provider's URL: %s", err)
+			logger.LogFatal("Failed to create a jwk.Cache from the oidc provider's URL:", zap.Error(err))
 		}
 
 		auth.Jwks = cache
@@ -78,6 +82,6 @@ func main() {
 	r := api.Router()
 
 	if err := r.Run(); err != nil {
-		log.Fatalf("Error while running the server: %v", err)
+		logger.LogFatal("Error while running the server:", zap.Error(err))
 	}
 }

configs/.env.dev.example

@@ -1,10 +1,17 @@
 # SPDX-License-Identifier: GPL-2.0-only
 # SPDX-FileCopyrightText: FOSSology contributors
+#SPDX-FileContributor: 2025 Chayan Das <[email protected]>
 
-# How long the token can be valid
-TOKEN_HOUR_LIFESPAN=24
+# How long the token can be valid(1 hour )
+TOKEN_HOUR_LIFESPAN=1
 # Secret key to sign tokens (openssl rand -hex 32)
 API_SECRET=some-random-string
+
+# refresh token information(30 days)
+REFRESH_TOKEN_HOUR_LIFESPAN=720
+REFRESH_TOKEN_SECRET=some-other-random-string
+
+
 READ_API_AUTHENTICATION_ENABLED=false
 
 PORT=8080