Add Refresh Token

Author: germanfica

src/main/java/com/bezkoder/springjwt/controllers/AuthController.java

@@ -7,6 +7,12 @@
 
 import javax.validation.Valid;
 
+import com.bezkoder.springjwt.exception.TokenRefreshException;
+import com.bezkoder.springjwt.models.RefreshToken;
+import com.bezkoder.springjwt.payload.request.LogOutRequest;
+import com.bezkoder.springjwt.payload.request.TokenRefreshRequest;
+import com.bezkoder.springjwt.payload.response.TokenRefreshResponse;
+import com.bezkoder.springjwt.security.services.RefreshTokenService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -48,6 +54,9 @@ public class AuthController {
   @Autowired
   PasswordEncoder encoder;
 
+  @Autowired
+  RefreshTokenService refreshTokenService;
+
   @Autowired
   JwtUtils jwtUtils;
 
@@ -65,11 +74,17 @@ public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest login
         .map(item -> item.getAuthority())
         .collect(Collectors.toList());
 
-    return ResponseEntity.ok(new JwtResponse(jwt, 
-                         userDetails.getId(), 
-                         userDetails.getUsername(), 
-                         userDetails.getEmail(), 
-                         roles));
+    RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());
+
+    return ResponseEntity.ok(
+            new JwtResponse(
+                    jwt,
+                    refreshToken.getToken(),
+                    userDetails.getId(),
+                    userDetails.getUsername(),
+                    userDetails.getEmail(),
+                    roles
+            ));
   }
 
   @PostMapping("/signup")
@@ -126,4 +141,25 @@ public ResponseEntity<?> registerUser(@Valid @RequestBody SignupRequest signUpRe
 
     return ResponseEntity.ok(new MessageResponse("User registered successfully!"));
   }
+
+  @PostMapping("/refreshtoken")
+  public ResponseEntity<?> refreshtoken(@Valid @RequestBody TokenRefreshRequest request) {
+    String requestRefreshToken = request.getRefreshToken();
+
+    return refreshTokenService.findByToken(requestRefreshToken)
+            .map(refreshTokenService::verifyExpiration)
+            .map(RefreshToken::getUser)
+            .map(user -> {
+              String token = jwtUtils.generateTokenFromUsername(user.getUsername());
+              return ResponseEntity.ok(new TokenRefreshResponse(token, requestRefreshToken));
+            })
+            .orElseThrow(() -> new TokenRefreshException(requestRefreshToken,
+                    "Refresh token is not in database!"));
+  }
+
+  @PostMapping("/logout")
+  public ResponseEntity<?> logoutUser(@Valid @RequestBody LogOutRequest logOutRequest) {
+    refreshTokenService.deleteByUserId(logOutRequest.getUserId());
+    return ResponseEntity.ok(new MessageResponse("Log out successful!"));
+  }
 }

src/main/java/com/bezkoder/springjwt/exception/TokenRefreshException.java

@@ -0,0 +1,14 @@
+package com.bezkoder.springjwt.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.FORBIDDEN)
+public class TokenRefreshException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    public TokenRefreshException(String token, String message) {
+        super(String.format("Failed for [%s]: %s", token, message));
+    }
+}

src/main/java/com/bezkoder/springjwt/models/RefreshToken.java

@@ -0,0 +1,58 @@
+package com.bezkoder.springjwt.models;
+
+import java.time.Instant;
+
+import javax.persistence.*;
+
+@Entity(name = "refreshtoken")
+public class RefreshToken {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private long id;
+
+    @OneToOne
+    @JoinColumn(name = "user_id", referencedColumnName = "id")
+    private User user;
+
+    @Column(nullable = false, unique = true)
+    private String token;
+
+    @Column(nullable = false)
+    private Instant expiryDate;
+
+    public RefreshToken() {
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public Instant getExpiryDate() {
+        return expiryDate;
+    }
+
+    public void setExpiryDate(Instant expiryDate) {
+        this.expiryDate = expiryDate;
+    }
+
+}

src/main/java/com/bezkoder/springjwt/payload/request/LogOutRequest.java

@@ -0,0 +1,9 @@
+package com.bezkoder.springjwt.payload.request;
+
+public class LogOutRequest {
+    private Long userId;
+
+    public Long getUserId() {
+        return this.userId;
+    }
+}

src/main/java/com/bezkoder/springjwt/payload/request/TokenRefreshRequest.java

@@ -0,0 +1,16 @@
+package com.bezkoder.springjwt.payload.request;
+
+import javax.validation.constraints.NotBlank;
+
+public class TokenRefreshRequest {
+    @NotBlank
+    private String refreshToken;
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+}

src/main/java/com/bezkoder/springjwt/payload/response/JwtResponse.java

@@ -5,13 +5,15 @@
 public class JwtResponse {
   private String token;
   private String type = "Bearer";
+  private String refreshToken;
   private Long id;
   private String username;
   private String email;
   private List<String> roles;
 
-  public JwtResponse(String accessToken, Long id, String username, String email, List<String> roles) {
+  public JwtResponse(String accessToken, String refreshToken, Long id, String username, String email, List<String> roles) {
     this.token = accessToken;
+    this.refreshToken = refreshToken;
     this.id = id;
     this.username = username;
     this.email = email;
@@ -61,4 +63,12 @@ public void setUsername(String username) {
   public List<String> getRoles() {
     return roles;
   }
+
+  public String getRefreshToken() {
+    return refreshToken;
+  }
+
+  public void setRefreshToken(String refreshToken) {
+    this.refreshToken = refreshToken;
+  }
 }

src/main/java/com/bezkoder/springjwt/payload/response/TokenRefreshResponse.java

@@ -0,0 +1,37 @@
+package com.bezkoder.springjwt.payload.response;
+
+public class TokenRefreshResponse {
+    private String accessToken;
+    private String refreshToken;
+    private String tokenType = "Bearer";
+
+    public TokenRefreshResponse(String accessToken, String refreshToken) {
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String token) {
+        this.accessToken = token;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+
+}

src/main/java/com/bezkoder/springjwt/repository/RefreshTokenRepository.java

@@ -0,0 +1,17 @@
+package com.bezkoder.springjwt.repository;
+
+import java.util.Optional;
+
+import com.bezkoder.springjwt.models.RefreshToken;
+import com.bezkoder.springjwt.models.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
+    Optional<RefreshToken> findByToken(String token);
+
+    @Modifying
+    int deleteByUser(User user);
+}

src/main/java/com/bezkoder/springjwt/security/jwt/JwtUtils.java

@@ -33,6 +33,12 @@ public String generateJwtToken(Authentication authentication) {
         .compact();
   }
 
+  public String generateTokenFromUsername(String username) {
+    return Jwts.builder().setSubject(username).setIssuedAt(new Date())
+            .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs)).signWith(SignatureAlgorithm.HS512, jwtSecret)
+            .compact();
+  }
+
   public String getUserNameFromJwtToken(String token) {
     return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
   }

src/main/java/com/bezkoder/springjwt/security/services/RefreshTokenService.java

@@ -0,0 +1,55 @@
+package com.bezkoder.springjwt.security.services;
+
+import java.time.Instant;
+import java.util.Optional;
+import java.util.UUID;
+
+import com.bezkoder.springjwt.exception.TokenRefreshException;
+import com.bezkoder.springjwt.models.RefreshToken;
+import com.bezkoder.springjwt.repository.RefreshTokenRepository;
+import com.bezkoder.springjwt.repository.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+public class RefreshTokenService {
+    @Value("${bezkoder.app.jwtRefreshExpirationMs}")
+    private Long refreshTokenDurationMs;
+
+    @Autowired
+    private RefreshTokenRepository refreshTokenRepository;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    public Optional<RefreshToken> findByToken(String token) {
+        return refreshTokenRepository.findByToken(token);
+    }
+
+    public RefreshToken createRefreshToken(Long userId) {
+        RefreshToken refreshToken = new RefreshToken();
+
+        refreshToken.setUser(userRepository.findById(userId).get());
+        refreshToken.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
+        refreshToken.setToken(UUID.randomUUID().toString());
+
+        refreshToken = refreshTokenRepository.save(refreshToken);
+        return refreshToken;
+    }
+
+    public RefreshToken verifyExpiration(RefreshToken token) {
+        if (token.getExpiryDate().compareTo(Instant.now()) < 0) {
+            refreshTokenRepository.delete(token);
+            throw new TokenRefreshException(token.getToken(), "Refresh token was expired. Please make a new signin request");
+        }
+
+        return token;
+    }
+
+    @Transactional
+    public int deleteByUserId(Long userId) {
+        return refreshTokenRepository.deleteByUser(userRepository.findById(userId).get());
+    }
+}