update access token

build.sbt

@@ -2,7 +2,7 @@ ThisBuild / organization := "app.softnetwork"
 
 name := "account"
 
-ThisBuild / version := "0.6.2"
+ThisBuild / version := "0.6.2.1"
 
 ThisBuild / scalaVersion := "2.12.18"
 

common/src/main/protobuf/model/auth.proto

@@ -67,13 +67,14 @@ message AuthorizationCode {
 
 message AccessToken {
     option (scalapb.message).extends = "ProtobufDomainObject";
-    option (scalapb.message).extends = "VerificationExpirationDate";
+    option (scalapb.message).extends = "AccessTokenDecorator";
     option (scalapb.message).companion_extends = "AccessTokenCompanion";
     required string token = 1;
     required string tokenType = 2 [default = "Bearer"];
     optional string scope = 3;
     required google.protobuf.Timestamp expirationDate = 4 [(scalapb.field).type = "java.time.Instant"];
     required string refreshToken = 5;
+    optional google.protobuf.Timestamp refreshExpirationDate = 6 [(scalapb.field).type = "java.time.Instant"];
 }
 
 message Application {

common/src/main/resources/reference.conf

@@ -122,7 +122,12 @@ auth {
 
     access-token {
       expirationTime = 30
-      expirationTime = ${?AUTH_ACTIVATION_TOKEN_EXPIRATION_TIME}
+      expirationTime = ${?AUTH_ACCESS_TOKEN_EXPIRATION_TIME}
+    }
+
+    refresh-token {
+      expirationTime = 525600 // 60 * 24 * 365
+      expirationTime = ${?AUTH_REFRESH_TOKEN_EXPIRATION_TIME}
     }
 
     providers {

common/src/main/scala/app/softnetwork/account/config/OAuthConfig.scala

@@ -9,11 +9,18 @@ case class OAuthProvider(
 
 case class AuthorizationCode(expirationTime: Int)
 
-case class AccessToken(expirationTime: Int)
+sealed trait Token {
+  def expirationTime: Int
+}
+
+case class AccessToken(expirationTime: Int) extends Token
+
+case class RefreshToken(expirationTime: Int) extends Token
 
 case class OAuthConfig(
   path: String,
   authorizationCode: AuthorizationCode,
   accessToken: AccessToken,
+  refreshToken: RefreshToken,
   providers: Map[String, OAuthProvider]
 )

common/src/main/scala/app/softnetwork/account/message/package.scala

@@ -204,7 +204,8 @@ package object message {
     access_token: String,
     token_type: String,
     expires_in: Int,
-    refresh_token: String
+    refresh_token: String,
+    refresh_token_expires_in: Option[Int] = None
   )
 
   case class OAuthSucceededResult(account: Account, application: Application)

common/src/main/scala/app/softnetwork/account/model/ExpirationDate.scala

@@ -31,6 +31,8 @@ trait ExpirationToken extends ExpirationDate {
 trait VerificationExpirationDate {
   def expirationDate: Instant
   final def expired: Boolean = Specification(ExpirationDateRule).isSatisfiedBy(this)
+  final def expiresIn: Int =
+    Math.max(0, (expirationDate.getEpochSecond - Instant.now().getEpochSecond).toInt)
 }
 
 case object ExpirationDateRule extends Rule[VerificationExpirationDate] {
@@ -81,7 +83,19 @@ trait AccessTokenCompanion extends ExpirationToken {
       .withToken(generateToken(prefix))
       .withExpirationDate(compute(OAuthSettings.accessToken.expirationTime))
       .withRefreshToken(generateToken(prefix))
+      .withRefreshExpirationDate(compute(OAuthSettings.refreshToken.expirationTime))
       .copy(scope = scope)
   }
 
 }
+
+trait AccessTokenDecorator extends VerificationExpirationDate { _: AccessToken =>
+  private lazy val refreshVerification: Option[VerificationExpirationDate] =
+    refreshExpirationDate.map(exp =>
+      new VerificationExpirationDate {
+        override def expirationDate: Instant = exp
+      }
+    )
+  def refreshExpired: Boolean = refreshVerification.exists(_.expired)
+  def refreshExpiresIn: Option[Int] = refreshVerification.map(_.expiresIn)
+}

core/src/main/scala/app/softnetwork/account/persistence/typed/AccountBehavior.scala

@@ -479,7 +479,7 @@ trait AccountBehavior[T <: Account with AccountDecorator, P <: Profile]
           case Some(account) if account.status.isActive =>
             import cmd._
             account.applications.find(
-              _.accessToken.map(_.refreshToken).getOrElse("") == sha256(refreshToken)
+              _.accessToken.exists(ac => ac.refreshToken == sha256(refreshToken) && !ac.expired)
             ) match {
               case Some(application) =>
                 val accessToken =

core/src/main/scala/app/softnetwork/account/service/OAuthService.scala

@@ -100,8 +100,9 @@ trait OAuthService[SD <: SessionData with SessionDataDecorator[SD]]
                     Tokens(
                       r.accessToken.token,
                       r.accessToken.tokenType.toLowerCase(),
-                      AccountSettings.OAuthSettings.accessToken.expirationTime * 60,
-                      r.accessToken.refreshToken
+                      r.accessToken.expiresIn,
+                      r.accessToken.refreshToken,
+                      r.accessToken.refreshExpiresIn
                     )
                   )
                 case error: AccountErrorMessage =>
@@ -124,8 +125,9 @@ trait OAuthService[SD <: SessionData with SessionDataDecorator[SD]]
                     Tokens(
                       r.accessToken.token,
                       r.accessToken.tokenType.toLowerCase(),
-                      AccountSettings.OAuthSettings.accessToken.expirationTime * 60,
-                      r.accessToken.refreshToken
+                      r.accessToken.expiresIn,
+                      r.accessToken.refreshToken,
+                      r.accessToken.refreshExpiresIn
                     )
                   )
                 case error: AccountErrorMessage =>

core/src/main/scala/app/softnetwork/account/service/OAuthServiceEndpoints.scala

@@ -164,8 +164,9 @@ trait OAuthServiceEndpoints[SD <: SessionData with SessionDataDecorator[SD]]
                 Tokens(
                   r.accessToken.token,
                   r.accessToken.tokenType.toLowerCase(),
-                  AccountSettings.OAuthSettings.accessToken.expirationTime * 60,
-                  r.accessToken.refreshToken
+                  r.accessToken.expiresIn,
+                  r.accessToken.refreshToken,
+                  r.accessToken.refreshExpiresIn
                 )
               )
             case error: AccountErrorMessage =>
@@ -180,8 +181,9 @@ trait OAuthServiceEndpoints[SD <: SessionData with SessionDataDecorator[SD]]
                 Tokens(
                   r.accessToken.token,
                   r.accessToken.tokenType.toLowerCase(),
-                  AccountSettings.OAuthSettings.accessToken.expirationTime * 60,
-                  r.accessToken.refreshToken
+                  r.accessToken.expiresIn,
+                  r.accessToken.refreshToken,
+                  r.accessToken.refreshExpiresIn
                 )
               )
             case error: AccountErrorMessage =>