28 lines
1.2 KiB
Go
28 lines
1.2 KiB
Go
package models
|
|
|
|
import (
|
|
"time"
|
|
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// RefreshToken represents a server-side record of issued refresh tokens
|
|
// to support rotation, revocation and reuse detection.
|
|
type RefreshToken struct {
|
|
gorm.Model
|
|
UserID uint `gorm:"not null;index" json:"user_id"`
|
|
TokenID string `gorm:"type:varchar(128);not null;uniqueIndex" json:"token_id"`
|
|
// TokenHash is SHA-256 hex of the refresh token string (64 chars).
|
|
// Stored instead of the raw token for security, while still allowing debug/lookup.
|
|
TokenHash string `gorm:"type:char(64);index" json:"token_hash"`
|
|
// TokenFingerprint is a masked representation (e.g. first6...last4) to help operators
|
|
// visually correlate DB rows with logs without storing full token.
|
|
TokenFingerprint string `gorm:"type:varchar(32);index" json:"token_fingerprint"`
|
|
ExpiresAt time.Time `gorm:"index" json:"expires_at"`
|
|
Revoked bool `gorm:"index" json:"revoked"`
|
|
ReplacedByTokenID string `gorm:"type:varchar(128)" json:"replaced_by_token_id"`
|
|
UserAgent string `gorm:"type:varchar(255)" json:"user_agent"`
|
|
IP string `gorm:"type:varchar(64)" json:"ip"`
|
|
}
|
|
|