GKaszewski/k-tv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): refresh tokens + remember me

Browse Source 
Backend: add refresh JWT (30d, token_type claim), POST /auth/refresh
endpoint (rotates token pair), remember_me on login, JWT_REFRESH_EXPIRY_DAYS
env var. Extractors now reject refresh tokens on protected routes.

Frontend: sessionStorage for non-remembered sessions, localStorage +
refresh token for remembered sessions. Transparent 401 recovery in
api.ts (retry once after refresh). Remember me checkbox on login page
with security note when checked.
This commit is contained in:
Gabriel Kaszewski
2026-03-19 22:24:26 +01:00
parent 8bdd5e2277
commit d2412da057
13 changed files with 307 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
k-tv-frontend/lib/types.ts
View File

@@ -178,6 +178,7 @@ export interface TokenResponse {
access_token: string;
token_type: string;
expires_in: number;
refresh_token?: string;
}
export interface UserResponse {