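--- a/backend/migrations/008_create_refresh_tokens_table.sql
+++ b/backend/migrations/008_create_refresh_tokens_table.sql
@@ -0,0 +1,32 @@
+-- Create refresh_tokens table for JWT token refresh rotation
+-- This table stores hashed refresh tokens for secure session management
+
+CREATE TABLE refresh_tokens (
+id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+token VARCHAR(255) NOT NULL UNIQUE,
+user_address VARCHAR(42) NOT NULL,
+expires_at TIMESTAMP NOT NULL,
+is_revoked BOOLEAN NOT NULL DEFAULT FALSE,
+created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Add comments to columns
+COMMENT ON TABLE refresh_tokens IS 'Stores hashed refresh tokens for JWT token rotation';
+COMMENT ON COLUMN refresh_tokens.id IS 'Primary key UUID';
+COMMENT ON COLUMN refresh_tokens.token IS 'Hashed refresh token (bcrypt)';
+COMMENT ON COLUMN refresh_tokens.user_address IS 'User wallet address';
+COMMENT ON COLUMN refresh_tokens.expires_at IS 'Token expiration time';
+COMMENT ON COLUMN refresh_tokens.is_revoked IS 'Whether the token has been revoked';
+COMMENT ON COLUMN refresh_tokens.created_at IS 'Token creation timestamp';
+COMMENT ON COLUMN refresh_tokens.updated_at IS 'Token last update timestamp';
+
+-- Create indexes for performance
+CREATE INDEX idx_refresh_tokens_token ON refresh_tokens(token);
+CREATE INDEX idx_refresh_tokens_user_address ON refresh_tokens(user_address);
+CREATE INDEX idx_refresh_tokens_expires_at ON refresh_tokens(expires_at);
+CREATE INDEX idx_refresh_tokens_is_revoked ON refresh_tokens(is_revoked);
+
+-- Create composite index for active tokens lookup
+CREATE INDEX idx_refresh_tokens_active ON refresh_tokens(user_address, is_revoked, expires_at)
+WHERE is_revoked = FALSE AND expires_at > CURRENT_TIMESTAMP;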
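Review bot: The partial index `idx_refresh_tokens_active` puts `expires_at > CURRENT_TIMESTAMP` in its predicate, and PostgreSQL (which `gen_random_uuid()` and `COMMENT ON` suggest is the target) rejects non-immutable functions in an index predicate, so the migration would be expected to fail on its last statement. Keep only the constant condition and leave the expiry comparison to the query: `CREATE INDEX idx_refresh_tokens_active ON refresh_tokens(user_address, expires_at) WHERE is_revoked = FALSE;`. Separately, `token` is documented as a bcrypt hash, which is salted, so neither the `UNIQUE` constraint nor `idx_refresh_tokens_token` can serve an equality lookup by a presented token, and that explicit index duplicates the one `UNIQUE` already creates; if lookup by token is intended, a deterministic digest of a high-entropy random token fits this schema better. `expires_at` is declared `TIMESTAMP` without time zone, so expiry checks depend on the session time zone; `TIMESTAMPTZ` avoids that.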
149 changes: 149 additions & 0 deletions backend/package-lock.json


3 changes: 3 additions & 0 deletions backend/package.json
@@ -16,6 +16,8 @@
"@sentry/node": "^10.39.0",
"@sentry/profiling-node": "^10.39.0",
"axios": "^1.6.2",
"bcryptjs": "^3.0.3",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5",
"discord.js": "^14.14.1",
"dotenv": "^16.3.1",
@@ -25,6 +27,7 @@
"graphql": "^16.8.1",
"graphql-subscriptions": "^2.0.0",
"graphql-ws": "^5.14.3",
"jsonwebtoken": "^9.0.3",
"node-cron": "^4.2.1",
"nodemailer": "^8.0.1",
"pdfkit": "^0.17.2",
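Review bot: bcrypt only consumes the first 72 bytes of its input, which matters if the newly added `bcryptjs` is what produces the "Hashed refresh token (bcrypt)" value described in the migration. If the refresh token is a JWT signed with the also-added `jsonwebtoken` (the issuing code is not visible here), the signature lies beyond that limit, so distinct tokens sharing the same leading bytes would verify against the same stored hash. For a high-entropy token, `crypto.createHash('sha256').update(token).digest('hex')` from Node's built-in `crypto` avoids the truncation and gives a value that can be looked up by equality. Both hunks sit inside a JSON object that starts and ends outside the visible lines.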