Implementation of refresh token.

sportshub-application/src/main/java/org/sportshub/application/security/JwtService.java

@@ -17,8 +17,8 @@ public class JwtService {
     private final int tokenExpirationDelayInMinutes;
 
     public JwtService(
-        @Value("${application.security.secretKey}") String secretKey,
+        @Value("${application.security.jwt.secretKey}") String secretKey,
-        @Value("${application.security.tokenExpirationDelayInMinutes}") int tokenExpirationDelayInMinutes
+        @Value("${application.security.jwt.expirationDelayInMinutes}") int tokenExpirationDelayInMinutes
     ) {
         algorithm = Algorithm.HMAC512(secretKey);
         this.tokenExpirationDelayInMinutes = tokenExpirationDelayInMinutes;

sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java

@@ -1,5 +1,6 @@
 package org.sportshub.application.user;
 
+import java.time.ZonedDateTime;
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
@@ -8,29 +9,41 @@ import org.sportshub.application.security.AuthenticationFacade;
 import org.sportshub.application.security.JwtService;
 import org.sportshub.application.security.annotation.AllowedToAdmins;
 import org.sportshub.domain.exception.LoginFailureException;
+import org.sportshub.domain.exception.RefreshTokenDoesNotExistException;
+import org.sportshub.domain.exception.RefreshTokenExpiredException;
+import org.sportshub.domain.exception.UserDoesNotExistException;
+import org.sportshub.domain.user.model.RefreshToken;
 import org.sportshub.domain.user.model.User;
+import org.sportshub.domain.user.model.UserAuthenticationData;
 import org.sportshub.domain.user.port.UserPort;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Service
 public class UserUseCases {
+    private static final String TOKEN_TYPE = "Bearer";
+
     private final PasswordEncoder passwordEncoder;
     private final JwtService jwtService;
     private final UserPort userPort;
     private final AuthenticationFacade authenticationFacade;
+    private final int refreshTokenExpirationDelayInDays;
 
     public UserUseCases(
         AuthenticationFacade authenticationFacade,
         JwtService jwtService,
         PasswordEncoder passwordEncoder,
-        UserPort userPort
+        UserPort userPort,
+        @Value("${application.security.refreshToken.expirationDelayInDays}")
+        int refreshTokenExpirationDelayInDays
     ) {
         this.passwordEncoder = passwordEncoder;
         this.jwtService = jwtService;
         this.userPort = userPort;
         this.authenticationFacade = authenticationFacade;
+        this.refreshTokenExpirationDelayInDays = refreshTokenExpirationDelayInDays;
     }
 
     public Optional<User> findById(UUID userId) {
@@ -42,11 +55,26 @@ public class UserUseCases {
         return userPort.findAll();
     }
 
-    public String authenticate(final UUID id, final String password) {
+    public UserAuthenticationData authenticate(UUID userId, String password) {
-        return userPort.findById(id)
+        User user = userPort.findById(userId)
-            .filter(user -> passwordEncoder.matches(password, user.password()))
-            .map(jwtService::createJwt)
             .orElseThrow(LoginFailureException::new);
+
+        if (!passwordEncoder.matches(password, user.password())) {
+            throw new LoginFailureException();
+        }
+
+        return generateAuthenticationData(user);
+    }
+
+    public UserAuthenticationData authenticate(UUID refreshTokenValue) {
+        RefreshToken refreshToken = userPort.findRefreshTokenById(refreshTokenValue)
+            .filter(RefreshToken::isNotExpired)
+            .orElseThrow(() -> new RefreshTokenDoesNotExistException(refreshTokenValue));
+
+        User user = userPort.findById(refreshToken.userId())
+            .orElseThrow(() -> new UserDoesNotExistException(refreshToken.userId()));
+
+        return generateAuthenticationData(user);
     }
 
     public Optional<User> getAuthenticatedUser() {
@@ -57,4 +85,25 @@ public class UserUseCases {
             .map(UUID::fromString)
             .flatMap(userPort::findById);
     }
+
+    private UserAuthenticationData generateAuthenticationData(final User user) {
+        String accessToken = jwtService.createJwt(user);
+
+        RefreshToken newRefreshToken = createNewRefreshToken(user);
+
+        return new UserAuthenticationData(
+            TOKEN_TYPE,
+            accessToken,
+            newRefreshToken
+        );
+    }
+
+    private RefreshToken createNewRefreshToken(User user) {
+        RefreshToken refreshToken = new RefreshToken(
+            user.id(),
+            ZonedDateTime.now().plusDays(refreshTokenExpirationDelayInDays)
+        );
+        userPort.save(refreshToken);
+        return refreshToken;
+    }
 }

sportshub-domain/src/main/java/org/sportshub/domain/exception/RefreshTokenDoesNotExistException.java

@@ -0,0 +1,9 @@
+package org.sportshub.domain.exception;
+
+import java.util.UUID;
+
+public class RefreshTokenDoesNotExistException extends FunctionnalException {
+    public RefreshTokenDoesNotExistException(UUID refreshTokenValue) {
+        super(String.format("Refresh token \"%s\" does not exist.", refreshTokenValue));
+    }
+}

sportshub-domain/src/main/java/org/sportshub/domain/exception/RefreshTokenExpiredException.java

@@ -0,0 +1,9 @@
+package org.sportshub.domain.exception;
+
+import java.util.UUID;
+
+public class RefreshTokenExpiredException extends FunctionnalException {
+    public RefreshTokenExpiredException(UUID refreshTokenValue) {
+        super(String.format("Refresh token \"%s\" is expired.", refreshTokenValue));
+    }
+}

sportshub-domain/src/main/java/org/sportshub/domain/exception/UserDoesNotExistException.java

@@ -0,0 +1,9 @@
+package org.sportshub.domain.exception;
+
+import java.util.UUID;
+
+public class UserDoesNotExistException extends FunctionnalException {
+    public UserDoesNotExistException(UUID userId) {
+        super(String.format("User \"%s\" does not exist.", userId));
+    }
+}

sportshub-domain/src/main/java/org/sportshub/domain/user/model/RefreshToken.java

@@ -0,0 +1,22 @@
+package org.sportshub.domain.user.model;
+
+import java.time.ZonedDateTime;
+import java.util.UUID;
+
+public record RefreshToken(
+    UUID userId,
+    UUID value,
+    ZonedDateTime expirationDate
+) {
+    public RefreshToken(UUID userId, ZonedDateTime exporationDate) {
+        this(userId, UUID.randomUUID(), exporationDate);
+    }
+
+    public boolean isExpired() {
+        return ZonedDateTime.now().isAfter(expirationDate);
+    }
+
+    public boolean isNotExpired() {
+        return !isExpired();
+    }
+}

sportshub-domain/src/main/java/org/sportshub/domain/user/model/UserAuthenticationData.java

@@ -0,0 +1,8 @@
+package org.sportshub.domain.user.model;
+
+public record UserAuthenticationData(
+    String tokenType,
+    String accessToken,
+    RefreshToken refreshToken
+) {
+}

sportshub-domain/src/main/java/org/sportshub/domain/user/port/UserPort.java

@@ -4,6 +4,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
+import org.sportshub.domain.user.model.RefreshToken;
 import org.sportshub.domain.user.model.User;
 
 public interface UserPort {
@@ -12,4 +13,12 @@ public interface UserPort {
     List<User> findAll();
 
     void save(User user);
+
+    boolean existsById(UUID userId);
+
+    Optional<RefreshToken> findRefreshTokenByUserId(UUID userId);
+
+    Optional<RefreshToken> findRefreshTokenById(UUID refreshTokenId);
+
+    void save(RefreshToken refreshToken);
 }

sportshub-exposition/src/main/java/org/sportshub/exposition/configuration/GlobalControllerExceptionHandler.java

@@ -1,7 +1,12 @@
 package org.sportshub.exposition.configuration;
 
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
+import static org.springframework.http.HttpStatus.NOT_FOUND;
+import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 import org.sportshub.domain.exception.LoginFailureException;
+import org.sportshub.domain.exception.RefreshTokenDoesNotExistException;
+import org.sportshub.domain.exception.RefreshTokenExpiredException;
+import org.sportshub.domain.exception.UserDoesNotExistException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -14,4 +19,22 @@ public class GlobalControllerExceptionHandler {
     public void handleLoginFailureException() {
         // Do nothing.
     }
+
+    @ResponseStatus(NOT_FOUND)
+    @ExceptionHandler(UserDoesNotExistException.class)
+    public void handleUserDoesNotExistException() {
+        // Do nothing.
+    }
+
+    @ResponseStatus(NOT_FOUND)
+    @ExceptionHandler(RefreshTokenDoesNotExistException.class)
+    public void handleRefreshTokenDoesNotExistException() {
+        // Do nothing.
+    }
+
+    @ResponseStatus(UNAUTHORIZED)
+    @ExceptionHandler(RefreshTokenExpiredException.class)
+    public void handleRefreshTokenExpiredException() {
+        // Do nothing.
+    }
 }

sportshub-exposition/src/main/java/org/sportshub/exposition/configuration/SecurityConfiguration.java

@@ -48,7 +48,8 @@ public class SecurityConfiguration {
                 ).permitAll()
                 .requestMatchers(
                     POST,
-                    "/api/users/login"
+                    "/api/users/login",
+                    "/api/users/refresh-token"
                 ).permitAll()
                 .requestMatchers(OPTIONS).permitAll()
                 .anyRequest().authenticated()

sportshub-exposition/src/main/java/org/sportshub/exposition/user/UserController.java

@@ -4,7 +4,10 @@ import java.util.List;
 
 import org.sportshub.application.user.UserUseCases;
 import org.sportshub.domain.user.model.User;
+import org.sportshub.domain.user.model.UserAuthenticationData;
 import org.sportshub.exposition.user.model.LoginRequest;
+import org.sportshub.exposition.user.model.LoginResponse;
+import org.sportshub.exposition.user.model.RefreshTokenRequest;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -21,12 +24,19 @@ public class UserController {
     }
 
     @PostMapping("/login")
-    public String login(@RequestBody LoginRequest request) {
+    public LoginResponse login(@RequestBody LoginRequest request) {
-        return userUseCases.authenticate(request.id(), request.password());
+        UserAuthenticationData userAuthenticationData = userUseCases.authenticate(request.id(), request.password());
+        return new LoginResponse(userAuthenticationData);
     }
 
     @GetMapping
     public List<User> findAll() {
         return userUseCases.findAll();
     }
+
+    @PostMapping("/refresh-token")
+    public LoginResponse refreshToken(@RequestBody RefreshTokenRequest request) {
+        UserAuthenticationData userAuthenticationData = userUseCases.authenticate(request.refreshTokenValue());
+        return new LoginResponse(userAuthenticationData);
+    }
 }

sportshub-exposition/src/main/java/org/sportshub/exposition/user/model/LoginResponse.java

@@ -0,0 +1,17 @@
+package org.sportshub.exposition.user.model;
+
+import org.sportshub.domain.user.model.UserAuthenticationData;
+
+public record LoginResponse(
+    String tokenType,
+    String accessToken,
+    String refreshToken
+) {
+    public LoginResponse(UserAuthenticationData userAuthenticationData) {
+        this(
+            userAuthenticationData.tokenType(),
+            userAuthenticationData.accessToken(),
+            userAuthenticationData.refreshToken().value().toString()
+        );
+    }
+}

sportshub-exposition/src/main/java/org/sportshub/exposition/user/model/RefreshTokenRequest.java

@@ -0,0 +1,8 @@
+package org.sportshub.exposition.user.model;
+
+import java.util.UUID;
+
+public record RefreshTokenRequest(
+    UUID refreshTokenValue
+) {
+}

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/adapter/UserInMemoryAdapter.java

@@ -1,49 +0,0 @@
-package org.sportshub.infrastructure.user.adapter;
-
-import java.util.List;
-import java.util.Optional;
-import java.util.UUID;
-
-import static org.sportshub.domain.user.model.UserRole.ADMIN;
-import static org.sportshub.domain.user.model.UserRole.STANDARD;
-import org.sportshub.domain.user.model.User;
-import org.sportshub.domain.user.port.UserPort;
-import org.springframework.stereotype.Component;
-
-//@Component
-public class UserInMemoryAdapter implements UserPort {
-    private static final List<User> users = List.of(
-        new User(
-            UUID.fromString("c1a0805f-c618-47dc-bae7-bee70503644e"),
-            "$2a$10$WPuLOKpvaQnMotNo5ijPwegBPwmMF1C04XkTNCBpeBFo4r2YJWy.2",
-            List.of(STANDARD)
-        ),
-        new User(
-            UUID.fromString("4eff194d-dd8e-463e-974f-034bfd509f84"),
-            "$2a$10$WPuLOKpvaQnMotNo5ijPwegBPwmMF1C04XkTNCBpeBFo4r2YJWy.2",
-            List.of(STANDARD)
-        ),
-        new User(
-            UUID.fromString("c78d7d7c-0386-415d-86dc-98a470591e07"),
-            "$2a$10$WPuLOKpvaQnMotNo5ijPwegBPwmMF1C04XkTNCBpeBFo4r2YJWy.2",
-            List.of(STANDARD, ADMIN)
-        )
-    );
-
-    @Override
-    public Optional<User> findById(final UUID userId) {
-        return users.stream()
-            .filter(user -> userId.equals(user.id()))
-            .findFirst();
-    }
-
-    @Override
-    public List<User> findAll() {
-        return users;
-    }
-
-    @Override
-    public void save(final User user) {
-        // Do nothing.
-    }
-}

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/adapter/UserJpaAdapter.java

@@ -4,43 +4,68 @@ import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
+import org.sportshub.domain.user.model.RefreshToken;
 import org.sportshub.domain.user.model.User;
 import org.sportshub.domain.user.port.UserPort;
-import org.sportshub.infrastructure.user.mapper.UserMapper;
+import org.sportshub.infrastructure.user.model.RefreshTokenEntity;
 import org.sportshub.infrastructure.user.model.UserEntity;
+import org.sportshub.infrastructure.user.repository.RefreshTokenJpaRepository;
 import org.sportshub.infrastructure.user.repository.UserJpaRepository;
 import org.springframework.stereotype.Component;
 
 @Component
 public class UserJpaAdapter implements UserPort {
+    private final RefreshTokenJpaRepository refreshTokenJpaRepository;
     private final UserJpaRepository userJpaRepository;
-    private final UserMapper userMapper;
 
     public UserJpaAdapter(
-        UserJpaRepository userJpaRepository,
+        RefreshTokenJpaRepository refreshTokenJpaRepository,
-        UserMapper userMapper
+        UserJpaRepository userJpaRepository
     ) {
+        this.refreshTokenJpaRepository = refreshTokenJpaRepository;
         this.userJpaRepository = userJpaRepository;
-        this.userMapper = userMapper;
     }
 
     @Override
-    public Optional<User> findById(final UUID userId) {
+    public Optional<User> findById(UUID userId) {
         return userJpaRepository.findById(userId)
-            .map(userMapper::mapFrom);
+            .map(UserEntity::toUser);
     }
 
     @Override
     public List<User> findAll() {
         return userJpaRepository.findAll()
             .stream()
-            .map(userMapper::mapFrom)
+            .map(UserEntity::toUser)
             .toList();
     }
 
     @Override
     public void save(User user) {
-        UserEntity userEntity = userMapper.mapTo(user);
+        UserEntity userEntity = new UserEntity(user);
         userJpaRepository.save(userEntity);
     }
+
+    @Override
+    public boolean existsById(final UUID userId) {
+        return userJpaRepository.existsById(userId);
+    }
+
+    @Override
+    public Optional<RefreshToken> findRefreshTokenByUserId(UUID userId) {
+        return refreshTokenJpaRepository.findByUserId(userId)
+            .map(RefreshTokenEntity::toRefreshToken);
+    }
+
+    @Override
+    public Optional<RefreshToken> findRefreshTokenById(UUID refreshTokenId) {
+        return refreshTokenJpaRepository.findByValue(refreshTokenId)
+            .map(RefreshTokenEntity::toRefreshToken);
+    }
+
+    @Override
+    public void save(RefreshToken refreshToken) {
+        RefreshTokenEntity refreshTokenEntity = new RefreshTokenEntity(refreshToken);
+        refreshTokenJpaRepository.save(refreshTokenEntity);
+    }
 }

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/mapper/UserMapper.java

@@ -1,20 +0,0 @@
-package org.sportshub.infrastructure.user.mapper;
-
-import org.sportshub.domain.user.model.User;
-import org.sportshub.infrastructure.user.model.UserEntity;
-import org.springframework.stereotype.Component;
-
-@Component
-public class UserMapper {
-    public User mapFrom(UserEntity userEntity) {
-        return new User(userEntity.getId(), userEntity.getPassword(), userEntity.getRoles());
-    }
-
-    public UserEntity mapTo(User user) {
-        return new UserEntity(
-            user.id(),
-            user.password(),
-            user.roles()
-        );
-    }
-}

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/model/RefreshTokenEntity.java

@@ -0,0 +1,40 @@
+package org.sportshub.infrastructure.user.model;
+
+import java.time.ZonedDateTime;
+import java.util.UUID;
+
+import org.sportshub.domain.user.model.RefreshToken;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Entity
+@Table(name = "refresh_token")
+@AllArgsConstructor
+@NoArgsConstructor
+@Getter
+@Setter
+public class RefreshTokenEntity {
+    @Id
+    private UUID userId;
+    @Column(nullable = false)
+    private UUID value;
+    @Column(nullable = false)
+    private ZonedDateTime expirationDate;
+
+    public RefreshTokenEntity(RefreshToken refreshToken) {
+        userId = refreshToken.userId();
+        value = refreshToken.value();
+        expirationDate = refreshToken.expirationDate();
+    }
+
+    public RefreshToken toRefreshToken() {
+        return new RefreshToken(userId, value, expirationDate);
+    }
+}

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/model/UserEntity.java

@@ -3,6 +3,7 @@ package org.sportshub.infrastructure.user.model;
 import java.util.List;
 import java.util.UUID;
 
+import org.sportshub.domain.user.model.User;
 import org.sportshub.domain.user.model.UserRole;
 
 import jakarta.persistence.CollectionTable;
@@ -37,4 +38,18 @@ public class UserEntity {
     )
     @Column(name = "role")
     private List<UserRole> roles;
+
+    public UserEntity(User user) {
+        id = user.id();
+        password = user.password();
+        roles = user.roles();
+    }
+
+    public User toUser() {
+        return new User(
+            id,
+            password,
+            roles
+        );
+    }
 }

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/repository/RefreshTokenJpaRepository.java

@@ -0,0 +1,15 @@
+package org.sportshub.infrastructure.user.repository;
+
+import java.util.Optional;
+import java.util.UUID;
+
+import org.sportshub.infrastructure.user.model.RefreshTokenEntity;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface RefreshTokenJpaRepository extends JpaRepository<RefreshTokenEntity, UUID> {
+    Optional<RefreshTokenEntity> findByUserId(UUID userId);
+
+    Optional<RefreshTokenEntity> findByValue(UUID refreshTokenId);
+}

sportshub-infrastructure/src/main/java/org/sportshub/infrastructure/user/repository/UserJpaRepository.java

@@ -8,9 +8,9 @@ import org.sportshub.infrastructure.user.model.UserEntity;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
 
-@Service
+@Repository
 public interface UserJpaRepository extends JpaRepository<UserEntity, UUID> {
     @Query("SELECT u FROM UserEntity u JOIN FETCH u.roles WHERE u.id = :userId")
     Optional<UserEntity> findById(@Param("userId") UUID userId);

sportshub-infrastructure/src/main/resources/sql/001-initial-script-tables-creation.sql

@@ -11,3 +11,12 @@ CREATE TABLE IF NOT EXISTS user_role (
     CONSTRAINT user_role_fk_user_id FOREIGN KEY (user_id) REFERENCES "user" (id)
 );
 CREATE INDEX user_role_fk_user_id_idx ON user_role (user_id);
+
+CREATE TABLE IF NOT EXISTS refresh_token (
+    user_id UUID NOT NULL,
+    value UUID NOT NULL,
+    expiration_date TIMESTAMP NOT NULL,
+    CONSTRAINT refresh_token_pk PRIMARY KEY (user_id),
+    CONSTRAINT refresh_token_fk_user_id FOREIGN KEY (user_id) REFERENCES "user" (id)
+);
+CREATE INDEX refresh_token_fk_user_id_idx ON user_role (user_id);

sportshub-launcher/src/main/resources/application.yml

@@ -1,7 +1,10 @@
 application:
   security:
+    jwt:
       secretKey: "secret-key"
-    tokenExpirationDelayInMinutes: 30
+      expirationDelayInMinutes: 30
+    refreshToken:
+      expirationDelayInDays: 7
 
 logging:
   level: