From 96e6523d46476248e5151ced8f257b906105e1ed Mon Sep 17 00:00:00 2001
From: nquidox <nquidox@gmail.com>
Date: Wed, 10 Sep 2025 22:17:06 +0300
Subject: [PATCH] return access and refresh tokens

---
 internal/api/user/controller.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/internal/api/user/controller.go b/internal/api/user/controller.go
index ec04b68..bba9351 100644
--- a/internal/api/user/controller.go
+++ b/internal/api/user/controller.go
@@ -167,7 +167,7 @@ func (co *controller) delete(c *gin.Context) {
 // @Tags			Users - auth
 // @Accept			json
 // @Param			body	body	Login	true	"логин"
-// @Success		200			{object} LoginResponse
+// @Success		200			{object}	LoginResponse
 // @Failure		400			{object}	responses.ErrorResponse400
 // @Failure		500			{object}	responses.ErrorResponse500
 // @Router			/user/login	[post]
@@ -229,7 +229,7 @@ func (co *controller) logout(c *gin.Context) {
 // @Description	Принимает рефреш токен в заголовке Authorization
 // @Tags			Users - auth
 // @Security		BearerAuth
-// @Success		200
+// @Success		200			{object}	LoginResponse
 // @Failure		400				{object}	responses.ErrorResponse400s
 // @Failure		500				{object}	responses.ErrorResponse500
 // @Router			/user/refresh	[post]
@@ -249,5 +249,15 @@ func (co *controller) refresh(c *gin.Context) {
 		return
 	}
 
-	c.JSON(http.StatusOK, response)
+	c.SetCookie(
+		response.RefreshCookie.Name,
+		response.RefreshCookie.Value,
+		int(time.Until(response.RefreshCookie.Expires).Seconds()),
+		co.authPath,
+		"",
+		response.RefreshCookie.Secure,
+		response.RefreshCookie.HttpOnly,
+	)
+
+	c.JSON(http.StatusOK, LoginResponse{AccessToken: response.AccessToken})
 }