using Hutopy.Infrastructure.Security; using Hutopy.Modules.Identity.Configuration; using Hutopy.Modules.Identity.Data; using Microsoft.Extensions.Options; namespace Hutopy.Modules.Identity.Handlers; [PublicAPI] public record RefreshTokenRequest( string RefreshToken); [PublicAPI] public record RefreshTokenResponse( string AccessToken, string RefreshToken); [PublicAPI] public class RefreshTokenHandler( UserManager userManager, IOptionsSnapshot jwtOptions) : Endpoint { public override void Configure() { AllowAnonymous(); Post("/api/users/refresh"); Options(o => o.WithTags("Users")); } public override async Task HandleAsync( RefreshTokenRequest request, CancellationToken ct) { // Find the user using the refresh token var user = await userManager.Users .FirstOrDefaultAsync(u => u.RefreshToken == request.RefreshToken, ct); if (user == null || user.RefreshTokenExpiryTime <= DateTime.UtcNow) { await SendUnauthorizedAsync(ct); return; } // Generate a new refresh token if rotation is required if (jwtOptions.Value.RefreshTokenRequireRotation || user.RefreshToken is null) { user.RefreshToken = RefreshTokenGenerator.Next(); } // Update refresh token expiry time user.RefreshTokenExpiryTime = DateTime.UtcNow.Add(jwtOptions.Value.RefreshTokenLifetime); await userManager.UpdateAsync(user); // Generate a new access token var accessToken = JwtTokenHelper.GenerateJwtToken( expiresIn: jwtOptions.Value.Lifetime, issuer: jwtOptions.Value.Issuer, audience: jwtOptions.Value.Audience, key: jwtOptions.Value.Key, userId: user.Id.ToString(), email: user.Email ?? string.Empty, alias: user.Alias, firstname: user.Firstname ?? string.Empty, lastname: user.Lastname ?? string.Empty, portraitUrl: user.PortraitUrl); await SendOkAsync( new RefreshTokenResponse(accessToken, user.RefreshToken), cancellation: ct); } }