Skip to content

Commit 8b19788

Browse files
fullstackondemandfullstackondemand
committed
chore: share access and refresh token by response
1 parent c6d1a91 commit 8b19788

File tree

2 files changed

+9
-9
lines changed

2 files changed

+9
-9
lines changed

index.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@
1212

1313
// Authentication Routes
1414
$app->post('/auth/login/', [UserController::class, 'login']);
15-
$app->get('/auth/logout/', [UserController::class, 'logout'])->add(Authorization::class);
16-
$app->get('/auth/refreshtoken/', [UserController::class, 'regenerateAccessToken']);
15+
$app->post('/auth/logout/', [UserController::class, 'logout'])->add(Authorization::class);
16+
$app->post('/auth/refreshtoken/', [UserController::class, 'regenerateAccessToken']);
1717

1818
// Application Routes
1919
$app->group('/categories', CategoryRouter::class)->add(Authorization::class);

src/Controller/AbstractAuthController.php

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -47,18 +47,18 @@ public function login($req, $res) {
4747
$refreshToken = $user->generateRefreshToken();
4848

4949
// Add Authorization Cookies
50-
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true);
51-
setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/', secure: true);
50+
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
51+
setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
5252

53-
return response($req, $res, new Response(message: "User logged in successfully."));
53+
return response($req, $res, new Response(data: ['userId' => $user->id, 'SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']], 'RTID' => ['token' => $refreshToken, 'exp' => time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY']]]));
5454
}
5555

5656
/** Logout Function */
5757
public function logout($req, $res) {
5858

5959
// Remove Authorization Cookies
60-
setcookie('SSID', '', time() - 100, path: '/', secure: true);
61-
setcookie('RTID', '', time() - 100, path: '/', secure: true);
60+
setcookie('SSID', '', time() - 100, path: '/api', secure: true, httponly: true);
61+
setcookie('RTID', '', time() - 100, path: '/api', secure: true, httponly: true);
6262

6363
return response($req, $res, new Response(message: "User logged out successfully."));
6464
}
@@ -83,8 +83,8 @@ public function regenerateAccessToken($req, $res) {
8383
$accessToken = $user->generateAccessToken();
8484

8585
// Add Authorization Cookies
86-
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/', secure: true);
86+
setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
8787

88-
return response($req, $res, new Response(message: "User regenrate access token successfully."));
88+
return response($req, $res, new Response(data: ['SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']]]));
8989
}
9090
}

0 commit comments

Comments
 (0)