@rivascva/dt-idl 1.1.101 → 1.1.103

package/dist/index.d.ts

@@ -1231,7 +1231,9 @@ interface components$1 {
             content: {
                 "application/json": {
                     /** @example ABCD.1234.abcd */
-                    token: string;
+                    accessToken: string;
+                    /** @example ABCD.1234.abcd */
+                    refreshToken: string;
                 };
             };
         };

package/go/auth/jwt.go

@@ -9,30 +9,39 @@ import (
 
 // ValidateToken validates the given JWT token using the provided secret.
 func ValidateToken(token string, secret string) (*jwt.Token, error) {
-	// create a JWT parser with the HS256 signing method
+	// create a parser with the HS256 signing method
 	parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
 
-	// validate the JWT token
+	// validate the token
 	parsedToken, err := parser.Parse(token, func(t *jwt.Token) (any, error) { return []byte(secret), nil })
 	if err != nil {
-		return nil, fmt.Errorf("unable to validate the JWT token: %w", err)
+		return nil, fmt.Errorf("unable to validate the token: %w", err)
+	}
+
+	// validate the token expiration time
+	expirationTime, err := parsedToken.Claims.GetExpirationTime()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get the expiration time from the token: %w", err)
+	}
+	if expirationTime.Before(time.Now()) {
+		return nil, fmt.Errorf("the token has expired")
 	}
 
 	return parsedToken, nil
 }
 
-// NewUserToken creates a new JWT token for the given user id.
-func NewUserToken(secret string, issuer string, userId string, duration time.Duration) (string, error) {
-	return newToken(secret, "user", issuer, userId, duration)
+// NewUserAccessToken creates a new JWT access token for the given user id.
+func NewUserAccessToken(accessTokenSecret string, issuer string, userId string, duration time.Duration) (string, error) {
+	return newAccessToken(accessTokenSecret, "user", issuer, userId, duration)
 }
 
-// NewServiceToken creates a new JWT token for the given service.
-func NewServiceToken(secret string, issuer string, service string, duration time.Duration) (string, error) {
-	return newToken(secret, "service", issuer, service, duration)
+// NewServiceAccessToken creates a new JWT access token for the given service.
+func NewServiceAccessToken(accessTokenSecret string, issuer string, service string, duration time.Duration) (string, error) {
+	return newAccessToken(accessTokenSecret, "service", issuer, service, duration)
 }
 
-// newToken creates a new JWT token.
-func newToken(secret string, ttype string, issuer string, subject string, duration time.Duration) (string, error) {
+// newAccessToken creates a new JWT access token.
+func newAccessToken(accessTokenSecret string, ttype string, issuer string, subject string, duration time.Duration) (string, error) {
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"type": ttype,
 		"iss":  issuer,
@@ -41,9 +50,9 @@ func newToken(secret string, ttype string, issuer string, subject string, durati
 		"exp":  time.Now().Add(duration).UnixMilli(),
 	})
 
-	s, err := t.SignedString([]byte(secret))
+	s, err := t.SignedString([]byte(accessTokenSecret))
 	if err != nil {
-		return "", fmt.Errorf("unable to sign the JWT token: %w", err)
+		return "", fmt.Errorf("unable to sign the access token: %w", err)
 	}
 
 	return s, nil

package/go/auth/models.go

@@ -2,11 +2,11 @@ package auth
 
 import "time"
 
-// DefaultServiceTokenDuration is the default duration for service tokens.
-const DefaultServiceTokenDuration = 60 * time.Minute
+// DefaultServiceAccessTokenDuration is the default duration for service access tokens.
+const DefaultServiceAccessTokenDuration = 60 * time.Minute
 
-// DefaultUserTokenDuration is the default duration for user tokens.
-const DefaultUserTokenDuration = 15 * time.Minute
+// DefaultUserAccessTokenDuration is the default duration for user access tokens.
+const DefaultUserAccessTokenDuration = 15 * time.Minute
 
 // DefaultServiceRefreshTokenDuration is the default duration for refresh tokens.
 const DefaultServiceRefreshTokenDuration = 7 * 24 * time.Hour

package/go/middlewares/middlewares.go

@@ -15,8 +15,8 @@ import (
 )
 
 // GetAuthMiddleware returns a middleware function that authenticates all requests, except for the login endpoints.
-// It adds the token to the request context.
-func GetAuthMiddleware(secret string) func(http.Handler) http.Handler {
+// It adds the JWT access token to the request context.
+func GetAuthMiddleware(accessTokenSecret string) func(http.Handler) http.Handler {
 	write := write.NewWrite("ERROR", log.NewLog().With("handler", "GetAuthMiddleware"))
 
 	return func(next http.Handler) http.Handler {
@@ -35,15 +35,15 @@ func GetAuthMiddleware(secret string) func(http.Handler) http.Handler {
 				return
 			}
 
-			// validate the token
-			token, err := auth.ValidateToken(arr[1], secret)
+			// validate the access token
+			accessToken, err := auth.ValidateToken(arr[1], accessTokenSecret)
 			if err != nil {
-				write.ResponseWithError(r.Context(), w, http.StatusUnauthorized, "invalid token")
+				write.ResponseWithError(r.Context(), w, http.StatusUnauthorized, "invalid access token")
 				return
 			}
 
-			// set the token in the request context
-			ctx := context.WithValue(r.Context(), models.TokenKey, token)
+			// set the access token in the request context
+			ctx := context.WithValue(r.Context(), models.AccessTokenKey, accessToken)
 			r = r.WithContext(ctx)
 
 			next.ServeHTTP(w, r)

package/go/models/constants.go

@@ -4,8 +4,8 @@ package models
 type ContextKey string
 
 const (
-	// TokenKey is the key used to set/get the JWT token in the request context.
-	TokenKey = ContextKey("token")
+	// AccessTokenKey is the key used to set/get the JWT access token in the request context.
+	AccessTokenKey = ContextKey("accessToken")
 	// RequestPathKey is the key used to set/get the request path in the request context.
 	RequestPathKey = ContextKey("requestPath")
 	// RequestMethodKey is the key used to set/get the request method in the request context.
@@ -17,6 +17,10 @@ const (
 type TokenType string
 
 const (
-	UserToken    TokenType = "user"
+	// RefreshToken represents a standard JWT refresh token.
+	RefreshToken TokenType = "refresh"
+	// UserToken represents a JWT access token for a user.
+	UserToken TokenType = "user"
+	// ServiceToken represents a JWT access token for a service.
 	ServiceToken TokenType = "service"
 )

package/go/request/auth_transport.go

@@ -11,66 +11,66 @@ import (
 )
 
 type AuthTransport struct {
-	mu        sync.RWMutex
-	transport http.RoundTripper
-	service   string
-	secret    string
-	token     *jwt.Token
+	mu                sync.RWMutex
+	transport         http.RoundTripper
+	service           string
+	accessTokenSecret string
+	accessToken       *jwt.Token
 }
 
-func NewAuthTransport(transport http.RoundTripper, service string, secret string) *AuthTransport {
+func NewAuthTransport(transport http.RoundTripper, service string, accessTokenSecret string) *AuthTransport {
 	return &AuthTransport{
-		mu:        sync.RWMutex{},
-		transport: transport,
-		service:   service,
-		secret:    secret,
-		token:     nil,
+		mu:                sync.RWMutex{},
+		transport:         transport,
+		service:           service,
+		accessTokenSecret: accessTokenSecret,
+		accessToken:       nil,
 	}
 }
 
 func (t *AuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	// get the token
+	// get the access token
 	t.mu.RLock()
-	token := t.token
+	accessToken := t.accessToken
 	t.mu.RUnlock()
 
-	// get the token expiration time
-	expirationTime := time.Time{}
-	if token != nil {
-		e, err := token.Claims.GetExpirationTime()
+	// get the access token expiration time
+	expirationTime := jwt.NewNumericDate(time.Time{})
+	if accessToken != nil {
+		e, err := accessToken.Claims.GetExpirationTime()
 		if err != nil {
-			return nil, fmt.Errorf("failed to get the expiration time from the token: %w", err)
+			return nil, fmt.Errorf("failed to get the expiration time from the access token: %w", err)
 		}
-		expirationTime = e.Time
+		expirationTime = e
 	}
 
-	// check if the token is expired or close to expiring
+	// check if the access token is expired or close to expiring
 	if expirationTime.Before(time.Now().Add(time.Minute)) {
-		err := t.setNewToken()
+		err := t.setNewAccessToken()
 		if err != nil {
-			return nil, fmt.Errorf("failed to set a new token: %w", err)
+			return nil, fmt.Errorf("failed to set a new access token: %w", err)
 		}
 	}
 
 	// perform the request
-	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.token.Raw))
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.accessToken.Raw))
 	resp, err := t.transport.RoundTrip(req)
 	if err != nil {
 		return nil, err
 	}
 
 	// check if the request failed due to an authorization error.
-	// this should ideally not happen since we are setting a new token if the current one is expired or close to expiring,
-	// but it is still possible for the token to be revoked.
+	// this should ideally not happen since we are setting a new access token if the current one is expired or close to expiring,
+	// but it is still possible for the access token to be revoked.
 	if resp != nil && resp.StatusCode == http.StatusUnauthorized {
-		// set a new token
-		err := t.setNewToken()
+		// set a new access token
+		err := t.setNewAccessToken()
 		if err != nil {
-			return nil, fmt.Errorf("failed to set a new token: %w", err)
+			return nil, fmt.Errorf("failed to set a new access token: %w", err)
 		}
 
 		// retry the request
-		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.token.Raw))
+		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", t.accessToken.Raw))
 		return t.transport.RoundTrip(req)
 	}
 
@@ -78,24 +78,24 @@ func (t *AuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	return resp, err
 }
 
-func (t *AuthTransport) setNewToken() error {
+func (t *AuthTransport) setNewAccessToken() error {
 	t.mu.Lock()
 	defer t.mu.Unlock()
 
-	// create a new service token
-	rawToken, err := auth.NewServiceToken(t.secret, t.service, t.service, auth.DefaultServiceTokenDuration)
+	// create a new service access token
+	rawAccessToken, err := auth.NewServiceAccessToken(t.accessTokenSecret, t.service, t.service, auth.DefaultServiceAccessTokenDuration)
 	if err != nil {
-		return fmt.Errorf("failed to create a new service token: %w", err)
+		return fmt.Errorf("failed to create a new service access token: %w", err)
 	}
 
-	// validate the token
-	token, err := auth.ValidateToken(rawToken, t.secret)
+	// validate the access token
+	accessToken, err := auth.ValidateToken(rawAccessToken, t.accessTokenSecret)
 	if err != nil {
-		return fmt.Errorf("failed to validate the new token: %w", err)
+		return fmt.Errorf("failed to validate the new access token: %w", err)
 	}
 
-	// set the new token
-	t.token = token
+	// set the new access token
+	t.accessToken = accessToken
 
 	return nil
 }

package/go/request/http.go

@@ -3,9 +3,9 @@ package request
 import "net/http"
 
 // NewHTTPClientWithCommonTransports creates a new HTTP client with commonly shared transports.
-func NewHTTPClientWithCommonTransports(service string, secret string) *http.Client {
+func NewHTTPClientWithCommonTransports(service string, accessTokenSecret string) *http.Client {
 	//exhaustruct:ignore - other fields are optional
 	return &http.Client{
-		Transport: NewAuthTransport(http.DefaultTransport, service, secret),
+		Transport: NewAuthTransport(http.DefaultTransport, service, accessTokenSecret),
 	}
 }

package/go/utils/context.go

@@ -9,49 +9,49 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
-// GetTokenFromContext retrieves the JWT token from the given context.
-func GetTokenFromContext(ctx context.Context) *jwt.Token {
-	token, ok := ctx.Value(models.TokenKey).(*jwt.Token)
+// GetAccessTokenFromContext retrieves the JWT access token from the given context.
+func GetAccessTokenFromContext(ctx context.Context) *jwt.Token {
+	token, ok := ctx.Value(models.AccessTokenKey).(*jwt.Token)
 	if !ok {
 		return nil
 	}
 	return token
 }
 
-// GetActorIdFromContext retrieves the actor id from the JTW token in the given context.
-// The actor id is the subject of the JWT token, and it represents the user id or service name that initiated the request.
+// GetActorIdFromContext retrieves the actor id from the JWT access token in the given context.
+// The actor id is the subject of the JWT access token that represents the user id or service name that initiated the request.
 func GetActorIdFromContext(ctx context.Context) (string, error) {
-	// get the token from the context
-	token := GetTokenFromContext(ctx)
-	if token == nil {
-		return "", errors.New("token not found in the context")
+	// get the access token from the context
+	accessToken := GetAccessTokenFromContext(ctx)
+	if accessToken == nil {
+		return "", errors.New("access token not found in the context")
 	}
 
-	// get the subject from the token
-	subject, err := token.Claims.GetSubject()
+	// get the subject from the access token
+	subject, err := accessToken.Claims.GetSubject()
 	if err != nil {
-		return "", fmt.Errorf("failed to get the subject from the token: %w", err)
+		return "", fmt.Errorf("failed to get the subject from the access token: %w", err)
 	}
 	if subject == "" {
-		return "", errors.New("subject is empty in the token")
+		return "", errors.New("subject is empty in the access token")
 	}
 
 	return subject, nil
 }
 
-// GetTokenTypeFromContext retrieves the token type from the JWT token in the given context.
-// The token type is a custom claim in the JWT token, and it represents the type of the token (e.g. user or service).
+// GetTokenTypeFromContext retrieves the token type from the JWT access token in the given context.
+// The token type is a custom claim in the JWT access token that represents the type of the token (e.g. user or service).
 func GetTokenTypeFromContext(ctx context.Context) (string, error) {
-	// get the token from the context
-	token := GetTokenFromContext(ctx)
-	if token == nil {
-		return "", errors.New("token not found in the context")
+	// get the access token from the context
+	accessToken := GetAccessTokenFromContext(ctx)
+	if accessToken == nil {
+		return "", errors.New("access token not found in the context")
 	}
 
-	// get the token type from the token
-	tokenType, ok := token.Claims.(jwt.MapClaims)["type"].(string)
+	// get the token type from the access token
+	tokenType, ok := accessToken.Claims.(jwt.MapClaims)["type"].(string)
 	if !ok {
-		return "", errors.New("token type not found in the token")
+		return "", errors.New("token type not found in the access token")
 	}
 
 	return tokenType, nil

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rivascva/dt-idl",
-  "version": "1.1.101",
+  "version": "1.1.103",
   "description": "Dream Trade - Interface Definition Language",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",

package/services/dt-user-service.yaml

@@ -279,11 +279,15 @@ components:
         application/json:
           schema:
             properties:
-              token:
+              accessToken:
+                type: string
+                example: ABCD.1234.abcd
+              refreshToken:
                 type: string
                 example: ABCD.1234.abcd
             required:
-              - token
+              - accessToken
+              - refreshToken
 
     NoContent:
       description: No content

package/ts/services/dt-user-service.ts

@@ -163,7 +163,9 @@ export interface components {
             content: {
                 "application/json": {
                     /** @example ABCD.1234.abcd */
-                    token: string;
+                    accessToken: string;
+                    /** @example ABCD.1234.abcd */
+                    refreshToken: string;
                 };
             };
         };