refactor(core): move app para src e padroniza estrutura

2026-05-09 11:01:45 +00:00 · 2026-03-12 19:22:50 +00:00
parent d92e70f1b9
commit b0fbb1062a
567 changed files with 8981 additions and 5014 deletions
--- a/src/app/api/auth/device/refresh/route.ts
+++ b/src/app/api/auth/device/refresh/route.ts
@@ -0,0 +1,85 @@
+import { and, eq, isNull } from "drizzle-orm";
+import { NextResponse } from "next/server";
+import { tokensApi } from "@/db/schema";
+import {
+	extractBearerToken,
+	hashToken,
+	refreshAccessToken,
+	verifyJwt,
+} from "@/shared/lib/auth/api-token";
+import { db } from "@/shared/lib/db";
+
+export async function POST(request: Request) {
+	try {
+		// Extrair refresh token do header
+		const authHeader = request.headers.get("Authorization");
+		const token = extractBearerToken(authHeader);
+
+		if (!token) {
+			return NextResponse.json(
+				{ error: "Refresh token não fornecido" },
+				{ status: 401 },
+			);
+		}
+
+		// Validar refresh token
+		const payload = verifyJwt(token);
+
+		if (!payload || payload.type !== "api_refresh") {
+			return NextResponse.json(
+				{ error: "Refresh token inválido ou expirado" },
+				{ status: 401 },
+			);
+		}
+
+		// Verificar se token não foi revogado
+		const tokenRecord = await db.query.tokensApi.findFirst({
+			where: and(
+				eq(tokensApi.id, payload.tokenId),
+				eq(tokensApi.userId, payload.sub),
+				isNull(tokensApi.revokedAt),
+			),
+		});
+
+		if (!tokenRecord) {
+			return NextResponse.json(
+				{ error: "Token revogado ou não encontrado" },
+				{ status: 401 },
+			);
+		}
+
+		// Gerar novo access token
+		const result = refreshAccessToken(token);
+
+		if (!result) {
+			return NextResponse.json(
+				{ error: "Não foi possível renovar o token" },
+				{ status: 401 },
+			);
+		}
+
+		// Atualizar hash do token e último uso
+		await db
+			.update(tokensApi)
+			.set({
+				tokenHash: hashToken(result.accessToken),
+				lastUsedAt: new Date(),
+				lastUsedIp:
+					request.headers.get("x-forwarded-for") ||
+					request.headers.get("x-real-ip"),
+				expiresAt: result.expiresAt,
+			})
+			.where(eq(tokensApi.id, payload.tokenId));
+
+		return NextResponse.json({
+			accessToken: result.accessToken,
+			expiresAt: result.expiresAt.toISOString(),
+		});
+	} catch (error) {
+		console.error("[API] Error refreshing device token:", error);
+		return NextResponse.json(
+			{ error: "Erro ao renovar token" },
+			{ status: 500 },
+		);
+	}
+}