Skip to content

Commit c6d1a91

Browse files
fullstackondemandfullstackondemand
committed
perf: share access token and refresh token by cookies
1 parent 357c568 commit c6d1a91

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

index.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
// Authentication Routes
1414
$app->post('/auth/login/', [UserController::class, 'login']);
1515
$app->get('/auth/logout/', [UserController::class, 'logout'])->add(Authorization::class);
16-
$app->post('/auth/refreshtoken/', [UserController::class, 'regenerateAccessToken']);
16+
$app->get('/auth/refreshtoken/', [UserController::class, 'regenerateAccessToken']);
1717

1818
// Application Routes
1919
$app->group('/categories', CategoryRouter::class)->add(Authorization::class);

src/Controller/AbstractAuthController.php

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -47,18 +47,18 @@ public function login($req, $res) {
4747
$refreshToken = $user->generateRefreshToken();
4848

4949
// Add Authorization Cookies
50-
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true, httponly: true);
51-
setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/', secure: true, httponly: true);
50+
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true);
51+
setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/', secure: true);
5252

53-
return response($req, $res, new Response(message: "User logged in successfully.", data: ['user'=> $user, 'accessToken' => $accessToken, 'refreshToken' => $refreshToken]));
53+
return response($req, $res, new Response(message: "User logged in successfully."));
5454
}
5555

5656
/** Logout Function */
5757
public function logout($req, $res) {
5858

5959
// Remove Authorization Cookies
60-
setcookie('SSID', '', time() - 100, path: '/', secure: true, httponly: true);
61-
setcookie('RTID', '', time() - 100, path: '/', secure: true, httponly: true);
60+
setcookie('SSID', '', time() - 100, path: '/', secure: true);
61+
setcookie('RTID', '', time() - 100, path: '/', secure: true);
6262

6363
return response($req, $res, new Response(message: "User logged out successfully."));
6464
}
@@ -67,7 +67,7 @@ public function logout($req, $res) {
6767
public function regenerateAccessToken($req, $res) {
6868

6969
/** User Refresh Token */
70-
$refreshToken = $req->getParsedBody()['refreshToken'] ?? null;
70+
$refreshToken = $_COOKIE['RTID'];
7171

7272
try {
7373
/** Decode Json Web Token */
@@ -83,8 +83,8 @@ public function regenerateAccessToken($req, $res) {
8383
$accessToken = $user->generateAccessToken();
8484

8585
// Add Authorization Cookies
86-
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true, httponly: true);
86+
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true);
8787

88-
return response($req, $res, new Response(message: "User regenrate access token successfully.", data: ['user' => $user, 'accessToken' => $accessToken]));
88+
return response($req, $res, new Response(message: "User regenrate access token successfully."));
8989
}
9090
}

0 commit comments

Comments
 (0)