chore: update auth middleware (#2057)

* chore: update auth middleware * chore: update * chore: update
2025-06-05 22:09:59 +02:00 · 2023-07-31 20:55:40 +08:00
parent cc3a47fc65
commit 5f819fc86f
22 changed files with 313 additions and 540 deletions
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@ -0,0 +1,27 @@
+package auth
+
+import (
+	"time"
+)
+
+const (
+	// The key name used to store user id in the context
+	// user id is extracted from the jwt token subject field.
+	UserIDContextKey = "user-id"
+	// issuer is the issuer of the jwt token.
+	Issuer = "memos"
+	// Signing key section. For now, this is only used for signing, not for verifying since we only
+	// have 1 version. But it will be used to maintain backward compatibility if we change the signing mechanism.
+	KeyID = "v1"
+	// AccessTokenAudienceName is the audience name of the access token.
+	AccessTokenAudienceName = "user.access-token"
+	AccessTokenDuration     = 7 * 24 * time.Hour
+
+	// CookieExpDuration expires slightly earlier than the jwt expiration. Client would be logged out if the user
+	// cookie expires, thus the client would always logout first before attempting to make a request with the expired jwt.
+	// Suppose we have a valid refresh token, we will refresh the token in cases:
+	// 1. The access token has already expired, we refresh the token so that the ongoing request can pass through.
+	CookieExpDuration = AccessTokenDuration - 1*time.Minute
+	// AccessTokenCookieName is the cookie name of access token.
+	AccessTokenCookieName = "memos.access-token"
+)