add service

internal/repository/interfaces.go

@@ -26,6 +26,7 @@ type SessionRepository interface {
 	Create(ctx context.Context, session *model.Session) error
 	FindByRefreshToken(ctx context.Context, token string) (*model.Session, error)
 	UpdateAccessToken(ctx context.Context, refreshToken, newAccessToken string) error
+	UpdateTokens(ctx context.Context, oldRefreshToken, newAccessToken, newRefreshToken string) error
 	Revoke(ctx context.Context, refreshToken string) error
 	RevokeByAccessToken(ctx context.Context, accessToken string) error
 	IsAccessTokenValid(ctx context.Context, accessToken string) (bool, error)

internal/repository/session.go

@@ -96,6 +96,32 @@ func (r *sessionRepository) UpdateAccessToken(ctx context.Context, refreshToken,
 	return nil
 }
 
+func (r *sessionRepository) UpdateTokens(ctx context.Context, oldRefreshToken, newAccessToken, newRefreshToken string) error {
+	query := r.qb.Update("sessions").
+		Set("access_token", newAccessToken).
+		Set("refresh_token", newRefreshToken).
+		Where(sq.And{
+			sq.Eq{"refresh_token": oldRefreshToken},
+			sq.Expr("revoked_at IS NULL"),
+		})
+
+	sqlQuery, args, err := query.ToSql()
+	if err != nil {
+		return errs.NewInternalError(errs.DatabaseError, "failed to build query", err)
+	}
+
+	result, err := r.pool.Exec(ctx, sqlQuery, args...)
+	if err != nil {
+		return errs.NewInternalError(errs.DatabaseError, "failed to update tokens", err)
+	}
+
+	if result.RowsAffected() == 0 {
+		return errs.NewBusinessError(errs.RefreshInvalid, "refresh token is invalid or already used")
+	}
+
+	return nil
+}
+
 func (r *sessionRepository) Revoke(ctx context.Context, refreshToken string) error {
 	query := r.qb.Update("sessions").
 		Set("revoked_at", time.Now()).