feat: add refresh token flow for long-lived sessions

- Add RefreshToken model with rotation
- Add POST /auth/refresh endpoint
- Add POST /auth/logout that revokes refresh token
- Login returns JWT (8h) + refresh_token (30 days)
- Refresh rotates token (old is revoked)
- Fix Carbon\Carbon::now() calls instead of now() helper
- Update API docs
This commit is contained in:
Hermes Agent
2026-05-20 17:57:18 +02:00
parent af2b179a49
commit f68400e282
6 changed files with 170 additions and 26 deletions

View File

@@ -5,11 +5,12 @@ declare(strict_types=1);
require __DIR__ . '/../vendor/autoload.php';
use App\Config\Container;
use Symfony\Component\Dotenv\Dotenv;
// Load .env file safely
$envFile = __DIR__ . '/../.env';
if (file_exists($envFile)) {
$dotenv = new \Symfony\Component\Dotenv\Dotenv();
$dotenv = new Dotenv();
$dotenv->load($envFile);
}