indefinite jwt expiration set

server/src/auth/docs/reg_log.txt

@@ -0,0 +1,51 @@
+❯ grpcurl -plaintext -d '{
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "password": "your_password",
+  "password_confirmation": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "username": "testuser3",
+  "email": "test3@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3"
+}' localhost:50051 multieko2.auth.AuthService/Login
+ERROR:
+  Code: Unauthenticated
+  Message: Invalid credentials
+❯ grpcurl -plaintext -d '{
+  "identifier": "testuser3",
+  "password": "your_password"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI5NmQyZmQzNS1iMzlkLTRjMDUtOTE2YS02NjEzNDQ1M2QzNGMiLCJleHAiOjE3NDI5ODE2MTAsInJvbGUiOiJhY2NvdW50YW50In0.78VIR3X4QZohzeI5x3xmkmqcICTusOC6PELPohMV-k8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "96d2fd35-b39d-4c05-916a-66134453d34c",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "username": "testuser4",
+  "email": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Register
+{
+  "id": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "username": "testuser4",
+  "email": "test4@example.com",
+  "role": "accountant"
+}
+❯ grpcurl -plaintext -d '{
+  "identifier": "test4@example.com"
+}' localhost:50051 multieko2.auth.AuthService/Login
+{
+  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MTNkN2VjYy1mMjMxLTQ4YWYtOGM1YS01NjZiMWRjMmJmMGIiLCJleHAiOjE3NDI5ODE3MDEsInJvbGUiOiJhY2NvdW50YW50In0.4Hzu3tTZRNGHnBSgeCbGy2tFTl8EzpPdXBhcW8kuIc8",
+  "tokenType": "Bearer",
+  "expiresIn": 86400,
+  "userId": "413d7ecc-f231-48af-8c5a-566b1dc2bf0b",
+  "role": "accountant"
+}
+╭─     ~/Doc/pr/multieko2/server     auth ······ ✔
+╰─

server/src/auth/logic.rs

@@ -2,6 +2,8 @@
 
 pub mod jwt;
 pub mod middleware;
+// TODO implement RBAC on all of the endpoints
+// pub mod rbac;
 
 pub use jwt::*;
 pub use middleware::*;

server/src/auth/logic/jwt.rs

@@ -35,7 +35,7 @@ pub fn init_jwt() -> Result<(), AuthError> {
 pub fn generate_token(user_id: Uuid, role: &str) -> Result<String, AuthError> {
     let keys = KEYS.get().ok_or(AuthError::ConfigError("JWT not initialized".to_string()))?;
     
-    let exp = OffsetDateTime::now_utc() + Duration::hours(24);
+    let exp = OffsetDateTime::now_utc() + Duration::days(365000);
     let claims = Claims {
         sub: user_id,
         exp: exp.unix_timestamp(),

server/src/auth/logic/rbac.rs

@@ -0,0 +1,36 @@
+// src/auth/logic/rbac.rs
+
+use tower::ServiceBuilder;
+use crate::auth::logic::rbac;
+
+pub async fn run_server(db_pool: sqlx::PgPool) -> Result<(), Box<dyn std::error::Error>> {
+    // ... existing setup code ...
+
+    // Create service layers
+    let adresar_layer = ServiceBuilder::new()
+        .layer(rbac::create_adresar_layer())
+        .into_inner();
+
+    let uctovnictvo_layer = ServiceBuilder::new()
+        .layer(rbac::create_uctovnictvo_layer())
+        .into_inner();
+
+    // Create services with layers
+    let adresar_service = AdresarServer::new(AdresarService { db_pool: db_pool.clone() })
+        .layer(adresar_layer);
+
+    let uctovnictvo_service = UctovnictvoServer::new(UctovnictvoService { db_pool: db_pool.clone() })
+        .layer(uctovnictvo_layer);
+
+    // ... repeat for other services ...
+
+    Server::builder()
+        .add_service(auth_server)
+        .add_service(adresar_service)
+        .add_service(uctovnictvo_service)
+        // ... other services ...
+        .serve(addr)
+        .await?;
+
+    Ok(())
+}