diff --git a/src/main/java/spring/backend/auth/presentation/HandleOAuthLoginController.java b/src/main/java/spring/backend/auth/presentation/HandleOAuthLoginController.java index 0b9c3ffb..ddd062d5 100644 --- a/src/main/java/spring/backend/auth/presentation/HandleOAuthLoginController.java +++ b/src/main/java/spring/backend/auth/presentation/HandleOAuthLoginController.java @@ -1,6 +1,7 @@ package spring.backend.auth.presentation; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseCookie; import org.springframework.http.ResponseEntity; @@ -11,12 +12,25 @@ import spring.backend.core.configuration.argumentresolver.ClientIp; import spring.backend.core.presentation.RestResponse; +import java.time.Duration; + @RestController @RequestMapping("/v1/oauth/login") -@RequiredArgsConstructor public class HandleOAuthLoginController { private final HandleOAuthLoginService handleOAuthLoginService; + private final long ACCESS_EXPIRATION; + private final long REFRESH_EXPIRATION; + + public HandleOAuthLoginController(HandleOAuthLoginService handleOAuthLoginService, + @Value("${jwt.access-token-expiry}") long accessTokenExpiry, + @Value("${jwt.refresh-token-expiry}") long refreshTokenExpiry + ) { + this.handleOAuthLoginService = handleOAuthLoginService; + this.ACCESS_EXPIRATION = accessTokenExpiry; + this.REFRESH_EXPIRATION = refreshTokenExpiry; + } + @GetMapping("/{providerName}") public ResponseEntity> handleOAuthLogin(@RequestParam(value = "code", required = false) String code, 
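Review bot: The new fields `ACCESS_EXPIRATION` and `REFRESH_EXPIRATION` are plain `long`s with no unit, yet the next hunk in this file passes one to `Duration.ofSeconds(...)` and the other to `Duration.ofDays(...)`, although both come from the similarly named `jwt.access-token-expiry` / `jwt.refresh-token-expiry` properties. If the token issuer reads those properties in a different unit (not visible here), the cookie's Max-Age and the token's own expiry will disagree. I would put the unit in the name, e.g. `private final long accessTokenExpirySeconds;` and `private final long refreshTokenExpiryDays;` (UPPER_SNAKE_CASE is conventionally reserved for `static final` constants), and add a comment such as `// unit must match the one used when the JWT exp claim is computed`. The same applies to the identical constructor in RotateAccessTokenController. The class body continues outside the hunk.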
@@ -26,12 +40,14 @@ public ResponseEntity> handleOAuthLogin(@Req .httpOnly(true) .secure(true) .sameSite("None") + .maxAge(Duration.ofSeconds(ACCESS_EXPIRATION)) .path("/") .build(); ResponseCookie refreshTokenCookie = ResponseCookie.from("refresh_token", loginResponse.refreshToken()) .httpOnly(true) .secure(true) .sameSite("None") + .maxAge(Duration.ofDays(REFRESH_EXPIRATION)) .path("/") .build(); diff --git a/src/main/java/spring/backend/auth/presentation/RotateAccessTokenController.java b/src/main/java/spring/backend/auth/presentation/RotateAccessTokenController.java index 28a7202a..521e8363 100644 --- a/src/main/java/spring/backend/auth/presentation/RotateAccessTokenController.java +++ b/src/main/java/spring/backend/auth/presentation/RotateAccessTokenController.java @@ -3,6 +3,7 @@ import com.maxmind.geoip2.exception.GeoIp2Exception; import lombok.RequiredArgsConstructor; import lombok.extern.log4j.Log4j2; +import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseCookie; import org.springframework.http.ResponseEntity; 
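Review bot: Adding `.maxAge(Duration.ofDays(REFRESH_EXPIRATION))` turns `refresh_token` from a session cookie into one that persists across browser restarts, and with the unchanged `.path("/")` and `.sameSite("None")` it is sent on every request to this host, cross-site ones included, for that whole period. If only the rotate endpoint reads it (other consumers are not visible here), scoping it with `.path("/v1/token/rotate")` would keep the long-lived credential off all other requests. It is also worth confirming that sign-out expires both cookies with `.maxAge(0)` under the same name and path, since they no longer disappear when the browser closes. handleOAuthLogin starts and ends outside this hunk.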
@@ -17,15 +18,26 @@ import spring.backend.core.presentation.RestResponse; import java.io.IOException; +import java.time.Duration; import static org.springframework.http.ResponseCookie.from; @RestController @RequestMapping("/v1/token/rotate") -@RequiredArgsConstructor @Log4j2 public class RotateAccessTokenController implements RotateTokenSwagger { private final RotateAccessTokenService rotateTokenService; + private final long ACCESS_EXPIRATION; + private final long REFRESH_EXPIRATION; + + public RotateAccessTokenController(RotateAccessTokenService rotateTokenService, + @Value("${jwt.access-token-expiry}") long accessTokenExpiry, + @Value("${jwt.refresh-token-expiry}") long refreshTokenExpiry + ) { + this.rotateTokenService = rotateTokenService; + this.ACCESS_EXPIRATION = accessTokenExpiry; + this.REFRESH_EXPIRATION = refreshTokenExpiry; + } @PostMapping public ResponseEntity> rotateToken( @@ -37,6 +49,7 @@ public ResponseEntity> rotateToken( .httpOnly(true) .secure(true) .sameSite("None") + .maxAge(Duration.ofSeconds(ACCESS_EXPIRATION)) .path("/") .build(); @@ -44,6 +57,7 @@ public ResponseEntity> rotateToken( .httpOnly(true) .secure(true) .sameSite("None") + .maxAge(Duration.ofDays(REFRESH_EXPIRATION)) .path("/") .build();
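Review bot: This constructor and the two `.maxAge(...)` calls in the following hunks duplicate HandleOAuthLoginController line for line, so the attributes of the two token cookies are now defined in two controllers and can drift apart, for example when a later change to lifetime or flags lands in only one of them. Consider moving cookie construction and the two `@Value` settings into one shared component that both controllers call. Separately, `import lombok.RequiredArgsConstructor;` remains as context in both files after the annotation was removed and looks unused now. rotateToken's body starts and ends outside these hunks.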