vikunja/pkg/routes/api
kolaente 7c11c2dc29 feat(api/v2): port refresh-token endpoint to /api/v2
POST /api/v2/user/token/refresh reads the HttpOnly refresh cookie, rotates
the session, mints a new JWT, and sets the new cookie — reusing the shared
auth.RefreshSession core (no v1 change) and the #2912 cookie helpers /
authTokenBody response shape. The cookie is set via the unwrapped echo ctx,
not the OpenAPI spec.

translateDomainError now maps *echo.HTTPError (which RefreshSession returns
for missing/invalid/expired/replayed tokens) so those land as the right
status instead of a 500. Completes the v1→v2 REST migration.
2026-06-17 20:34:38 +00:00
..
shared fix(auth): return ErrAccountLocked for locked accounts on login 2026-06-17 19:43:41 +00:00
v1 refactor(auth): extract transport-agnostic login, logout and OIDC cores 2026-06-17 19:43:41 +00:00
v2 feat(api/v2): port refresh-token endpoint to /api/v2 2026-06-17 20:34:38 +00:00