Commit
Implement secure refresh token authentication system
Commit details
Commit notes
- Upgraded the authentication system to a dual token mechanism, introducing short-lived access tokens and long-lived refresh tokens stored in httpOnly cookies for enhanced security. - Added a new `RefreshToken` model to the database to manage refresh tokens, supporting token revocation and rotation. - Implemented new API endpoints for refreshing access tokens and updated existing authentication routes to accommodate the new token structure. - Enhanced frontend components to automatically manage token storage and retrieval, eliminating manual token handling for a cleaner codebase. - Updated environment variables and migration notes to reflect changes in token configuration and security practices. - Ensured backward compatibility for existing users during the transition to the new authentication system.
- Files changed
- 18
- Lines added
- +914
- Lines removed
- −399