fix: fixing auth logic

config/env_config.go

@@ -23,6 +23,7 @@ type EnvConfig interface {
 	GetSupabaseURL() string
 	GetSupabaseKey() string
 	GetSupabaseBucket() string
+	GetRegisterEnabled() bool
 }
 
 type envConfig struct {
@@ -105,3 +106,8 @@ func (e *envConfig) GetSupabaseKey() string {
 func (e *envConfig) GetSupabaseBucket() string {
 	return strings.TrimSpace(os.Getenv("SUPABASE_BUCKET_NAME"))
 }
+
+func (e *envConfig) GetRegisterEnabled() bool {
+	val := os.Getenv("REGISTER_ENABLED")
+	return val == "true" || val == "1"
+}

controllers/admin_controller.go

@@ -14,6 +14,8 @@ type AdminController interface {
 	CreateUser(ctx *gin.Context)
 	UpdateUser(ctx *gin.Context)
 	DeleteUser(ctx *gin.Context)
+	RegisterEnabled(ctx *gin.Context)
+	SetRegistrationEnabled(ctx *gin.Context)
 }
 
 type adminController struct {
@@ -109,3 +111,42 @@ func (c *adminController) DeleteUser(ctx *gin.Context) {
 	}
 	utils.SendResponse[any, any](ctx, nil, nil, nil)
 }
+
+// RegisterEnabled godoc
+// @Summary      Check if registration is enabled
+// @Description  Check if user registration is enabled
+// @Tags         admin
+// @Security     BearerAuth
+// @Success      200  {object}  dto.RegisterEnabledResponse
+// @Router       /admin/register_enabled [get]
+func (c *adminController) RegisterEnabled(ctx *gin.Context) {
+	utils.SendResponse[dto.RegisterEnabledResponse, any](ctx, nil, dto.RegisterEnabledResponse{
+		Register: c.adminService.IsRegisterEnabled(),
+	}, nil)
+}
+
+// SetRegistrationEnabled godoc
+// @Summary      Toggle registration enabled
+// @Description  Enable or disable user registration
+// @Tags         admin
+// @Security     BearerAuth
+// @Accept       json
+// @Param        request body dto.SetRegistrationRequest true "Set Registration Request"
+// @Success      200  {object}  dto.RegisterEnabledResponse
+// @Router       /admin/set_registration [post]
+func (c *adminController) SetRegistrationEnabled(ctx *gin.Context) {
+	var req dto.SetRegistrationRequest
+	if err := ctx.ShouldBindJSON(&req); err != nil {
+		utils.SendResponse[any, any](ctx, nil, nil, err)
+		return
+	}
+
+	if err := c.adminService.SetRegistrationEnabled(req.Enabled); err != nil {
+		utils.SendResponse[any, any](ctx, nil, nil, err)
+		return
+	}
+
+	utils.SendResponse[dto.RegisterEnabledResponse, any](ctx, nil, dto.RegisterEnabledResponse{
+		Register: req.Enabled,
+	}, nil)
+}

controllers/auth_controller.go

@@ -52,8 +52,8 @@ func (c *authController) Register(ctx *gin.Context) {
 		return
 	}
 
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetCookie("RefreshToken", resp.RefreshToken, 3600*24*7, "/api/auth", "", true, true)
+	ctx.SetSameSite(http.SameSiteLaxMode)
+	ctx.SetCookie("RefreshToken", resp.RefreshToken, 3600*24*7, "/", "", false, true)
 
 	utils.SendResponse[dto.AuthResponse, any](ctx, nil, *resp, nil)
 }
@@ -81,8 +81,8 @@ func (c *authController) Login(ctx *gin.Context) {
 		return
 	}
 
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetCookie("RefreshToken", resp.RefreshToken, 3600*24*7, "/api/auth", "", true, true)
+	ctx.SetSameSite(http.SameSiteLaxMode)
+	ctx.SetCookie("RefreshToken", resp.RefreshToken, 3600*24*7, "/", "", false, true)
 
 	utils.SendResponse[dto.AuthResponse, any](ctx, nil, *resp, nil)
 }
@@ -112,10 +112,11 @@ func (c *authController) Logout(ctx *gin.Context) {
 		_ = c.authService.Logout(tokenString, refreshToken)
 	}
 
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetCookie("RefreshToken", "", -1, "/api/auth", "", true, true)
-	utils.SendResponse[any, any](ctx, nil, nil, nil)
+	ctx.SetSameSite(http.SameSiteLaxMode)
+	ctx.SetCookie("RefreshToken", "", -1, "/", "", false, true)
+	utils.SendResponse[dto.LogoutResponse, any](ctx, nil, dto.LogoutResponse{
+		SuccessMsg: "Logout successful",
+	}, nil)
 }
 
 // RefreshToken godoc
@@ -135,16 +136,19 @@ func (c *authController) RefreshToken(ctx *gin.Context) {
 
 	newAccessToken, newRefreshToken, err := c.authService.RefreshToken(refreshToken)
 	if err != nil {
-		ctx.SetCookie("RefreshToken", "", -1, "/api/auth", "", true, true)
+		ctx.SetCookie("RefreshToken", "", -1, "/", "", false, true)
 		utils.SendResponse[any, any](ctx, nil, nil, err)
 		return
 	}
 
-	ctx.SetSameSite(http.SameSiteNoneMode)
-	ctx.SetCookie("RefreshToken", newRefreshToken, 3600*24*7, "/api/auth", "", true, true)
+	// Only set refresh token cookie if a new one was issued
+	if newRefreshToken != "" {
+		ctx.SetSameSite(http.SameSiteLaxMode)
+		ctx.SetCookie("RefreshToken", newRefreshToken, 3600*24*7, "/", "", false, true)
+	}
 
 	utils.SendResponse[dto.AuthResponse, any](ctx, nil, dto.AuthResponse{
-		Token: newAccessToken,
+		AccessToken: newAccessToken,
 	}, nil)
 }
 

controllers/chat_controller.go

@@ -64,7 +64,6 @@ func (c *chatController) FetchContacts(ctx *gin.Context) {
 // @Accept       json
 // @Produce      json
 // @Param        request body dto.SendMessageRequest true "Send Message Request"
-// @Param 		 X-CSRF-Token header string true "CSRF Protection Token"
 // @Success      200  {object}  dto.SendMessageResponse
 // @Failure      401  {object}  dto.ErrorResponse
 // @Failure      400  {object}  dto.ErrorResponse

controllers/connection_controller.go

@@ -33,7 +33,6 @@ func NewConnectionController(connectionService services.ConnectionService) Conne
 // @Accept       json
 // @Produce      json
 // @Param        request body dto.ConnectRequest true "Connect Request"
-// @Param 		 X-CSRF-Token header string true "CSRF Protection Token"
 // @Success      200  {object}  dto.ConnectResponse
 // @Failure      401  {object}  dto.ErrorResponse
 // @Failure      500  {object}  dto.ErrorResponse

docs/docs.go

@@ -103,6 +103,28 @@ const docTemplate = `{
                 }
             }
         },
+        "/admin/register_enabled": {
+            "get": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "Check if user registration is enabled",
+                "tags": [
+                    "admin"
+                ],
+                "summary": "Check if registration is enabled",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/dto.RegisterEnabledResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/admin/update": {
             "post": {
                 "security": [
@@ -345,7 +367,7 @@ const docTemplate = `{
                 }
             }
         },
-        "/chat/fetch": {
+        "/chat/contacts": {
             "get": {
                 "security": [
                     {
@@ -412,13 +434,6 @@ const docTemplate = `{
                         "schema": {
                             "$ref": "#/definitions/dto.SendMessageRequest"
                         }
-                    },
-                    {
-                        "type": "string",
-                        "description": "CSRF Protection Token",
-                        "name": "X-CSRF-Token",
-                        "in": "header",
-                        "required": true
                     }
                 ],
                 "responses": {
@@ -470,13 +485,6 @@ const docTemplate = `{
                         "schema": {
                             "$ref": "#/definitions/dto.ConnectRequest"
                         }
-                    },
-                    {
-                        "type": "string",
-                        "description": "CSRF Protection Token",
-                        "name": "X-CSRF-Token",
-                        "in": "header",
-                        "required": true
                     }
                 ],
                 "responses": {
@@ -561,7 +569,10 @@ const docTemplate = `{
         "dto.AuthResponse": {
             "type": "object",
             "properties": {
-                "token": {
+                "access_token": {
+                    "type": "string"
+                },
+                "success_msg": {
                     "type": "string"
                 },
                 "user_id": {
@@ -712,6 +723,14 @@ const docTemplate = `{
                 }
             }
         },
+        "dto.RegisterEnabledResponse": {
+            "type": "object",
+            "properties": {
+                "register": {
+                    "type": "boolean"
+                }
+            }
+        },
         "dto.RegisterRequest": {
             "type": "object",
             "required": [
@@ -808,7 +827,7 @@ const docTemplate = `{
 // SwaggerInfo holds exported Swagger Info so clients can modify it
 var SwaggerInfo = &swag.Spec{
 	Version:          "1.0",
-	Host:             "localhost:8080",
+	Host:             "",
 	BasePath:         "/api",
 	Schemes:          []string{},
 	Title:            "Whatsapp Backend API",

docs/swagger.json

@@ -15,7 +15,6 @@
         },
         "version": "1.0"
     },
-    "host": "localhost:8080",
     "basePath": "/api",
     "paths": {
         "/admin/create": {
@@ -97,6 +96,28 @@
                 }
             }
         },
+        "/admin/register_enabled": {
+            "get": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "Check if user registration is enabled",
+                "tags": [
+                    "admin"
+                ],
+                "summary": "Check if registration is enabled",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "$ref": "#/definitions/dto.RegisterEnabledResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/admin/update": {
             "post": {
                 "security": [
@@ -339,7 +360,7 @@
                 }
             }
         },
-        "/chat/fetch": {
+        "/chat/contacts": {
             "get": {
                 "security": [
                     {
@@ -406,13 +427,6 @@
                         "schema": {
                             "$ref": "#/definitions/dto.SendMessageRequest"
                         }
-                    },
-                    {
-                        "type": "string",
-                        "description": "CSRF Protection Token",
-                        "name": "X-CSRF-Token",
-                        "in": "header",
-                        "required": true
                     }
                 ],
                 "responses": {
@@ -464,13 +478,6 @@
                         "schema": {
                             "$ref": "#/definitions/dto.ConnectRequest"
                         }
-                    },
-                    {
-                        "type": "string",
-                        "description": "CSRF Protection Token",
-                        "name": "X-CSRF-Token",
-                        "in": "header",
-                        "required": true
                     }
                 ],
                 "responses": {
@@ -555,7 +562,10 @@
         "dto.AuthResponse": {
             "type": "object",
             "properties": {
-                "token": {
+                "access_token": {
+                    "type": "string"
+                },
+                "success_msg": {
                     "type": "string"
                 },
                 "user_id": {
@@ -706,6 +716,14 @@
                 }
             }
         },
+        "dto.RegisterEnabledResponse": {
+            "type": "object",
+            "properties": {
+                "register": {
+                    "type": "boolean"
+                }
+            }
+        },
         "dto.RegisterRequest": {
             "type": "object",
             "required": [

docs/swagger.yaml

@@ -12,7 +12,9 @@ definitions:
     type: object
   dto.AuthResponse:
     properties:
-      token:
+      access_token:
+        type: string
+      success_msg:
         type: string
       user_id:
         type: string
@@ -112,6 +114,11 @@ definitions:
       username:
         type: string
     type: object
+  dto.RegisterEnabledResponse:
+    properties:
+      register:
+        type: boolean
+    type: object
   dto.RegisterRequest:
     properties:
       password:
@@ -168,7 +175,6 @@ definitions:
       username:
         type: string
     type: object
-host: localhost:8080
 info:
   contact:
     email: support@swagger.io
@@ -231,6 +237,19 @@ paths:
       summary: Delete a user (Admin)
       tags:
       - admin
+  /admin/register_enabled:
+    get:
+      description: Check if user registration is enabled
+      responses:
+        "200":
+          description: OK
+          schema:
+            $ref: '#/definitions/dto.RegisterEnabledResponse'
+      security:
+      - BearerAuth: []
+      summary: Check if registration is enabled
+      tags:
+      - admin
   /admin/update:
     post:
       consumes:
@@ -382,7 +401,7 @@ paths:
       summary: Register a new user
       tags:
       - auth
-  /chat/fetch:
+  /chat/contacts:
     get:
       consumes:
       - application/json
@@ -419,11 +438,6 @@ paths:
         required: true
         schema:
           $ref: '#/definitions/dto.SendMessageRequest'
-      - description: CSRF Protection Token
-        in: header
-        name: X-CSRF-Token
-        required: true
-        type: string
       produces:
       - application/json
       responses:
@@ -457,11 +471,6 @@ paths:
         required: true
         schema:
           $ref: '#/definitions/dto.ConnectRequest'
-      - description: CSRF Protection Token
-        in: header
-        name: X-CSRF-Token
-        required: true
-        type: string
       produces:
       - application/json
       responses:

middleware/auth_middleware.go

@@ -44,12 +44,6 @@ func (m *authMiddleware) RequireAuth() gin.HandlerFunc {
 			return
 		}
 
-		if m.authRepo.IsTokenRevoked(tokenString) {
-			utils.SendResponse[any, any](ctx, nil, nil, http_error.UNAUTHORIZED)
-			ctx.Abort()
-			return
-		}
-
 		token, err := jwt.ParseWithClaims(tokenString, &utils.JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
 			return []byte(m.jwtConfig.GetSecretKey()), nil
 		})

models/dto/auth_dto.go

@@ -13,10 +13,23 @@ type LoginRequest struct {
 }
 
 type AuthResponse struct {
-	Token        string    `json:"token,omitempty"`
+	AccessToken  string    `json:"access_token,omitempty"`
+	SuccessMsg   string    `json:"success_msg,omitempty"`
 	RefreshToken string    `json:"-"`
-	UserID       uuid.UUID `json:"user_id"`
-	Username     string    `json:"username"`
+	UserID       uuid.UUID `json:"user_id,omitempty"`
+	Username     string    `json:"username,omitempty"`
+}
+
+type RegisterEnabledResponse struct {
+	Register bool `json:"register"`
+}
+
+type LogoutResponse struct {
+	SuccessMsg string `json:"success_msg"`
+}
+
+type SetRegistrationRequest struct {
+	Enabled bool `json:"enabled"`
 }
 
 type MeResponse struct {

models/entity/entity.go

@@ -31,7 +31,6 @@ type User struct {
 	DeletedAt gorm.DeletedAt `gorm:"index" json:"deleted_at"`
 }
 
-
 func (User) TableName() string {
 	return "users"
 }
@@ -48,13 +47,11 @@ func (RefreshToken) TableName() string {
 	return "refresh_tokens"
 }
 
-type RevokedToken struct {
-	ID        uuid.UUID `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
-	Token     string    `gorm:"uniqueIndex;not null" json:"token"`
-	RevokedAt time.Time `json:"revoked_at"`
-	ExpiresAt time.Time `json:"expires_at"`
+type Settings struct {
+	ID                  uint `gorm:"primaryKey" json:"id"`
+	RegistrationEnabled bool `gorm:"default:true" json:"registration_enabled"`
 }
 
-func (RevokedToken) TableName() string {
-	return "revoked_tokens"
+func (Settings) TableName() string {
+	return "settings"
 }

models/error/error.go

@@ -32,6 +32,7 @@ var (
 	ERR_TOKEN_GENERATION_FAILED = errors.New("Failed to generate token")
 	ERR_USER_NOT_FOUND          = errors.New("User not found")
 	ERR_WRONG_PASSWORD          = errors.New("Wrong password")
+	ERR_REGISTRATION_DISABLED   = errors.New("Registration is currently disabled")
 
 	// WhatsApp Connection Errors
 	ERR_INVALID_ACCOUNT_ID       = errors.New("Invalid account ID format")

provider/provider.go

@@ -35,8 +35,8 @@ func NewAppProvider() AppProvider {
 	_ = configProvider.ProvideDatabaseConfig().AutoMigrateAll(
 		&entity.WhatsAppAccount{},
 		&entity.User{},
-		&entity.RevokedToken{},
 		&entity.RefreshToken{},
+		&entity.Settings{},
 	)
 
 	return &appProvider{

provider/services_provider.go

@@ -18,9 +18,9 @@ type servicesProvider struct {
 
 func NewServicesProvider(repoProvider RepositoriesProvider, configProvider ConfigProvider) ServicesProvider {
 	connectionService := services.NewConnectionService(repoProvider.ProvideConnectionRepository())
-	authService := services.NewAuthService(repoProvider.ProvideAuthRepository(), repoProvider.ProvideConnectionRepository(), configProvider.ProvideJWTConfig())
+	authService := services.NewAuthService(repoProvider.ProvideAuthRepository(), repoProvider.ProvideConnectionRepository(), configProvider.ProvideJWTConfig(), configProvider.ProvideEnvConfig())
 	chatService := services.NewChatService(connectionService, repoProvider.ProvideChatRepository())
-	adminService := services.NewAdminService(repoProvider.ProvideAuthRepository())
+	adminService := services.NewAdminService(repoProvider.ProvideAuthRepository(), configProvider.ProvideEnvConfig())
 
 	return &servicesProvider{
 		connectionService: connectionService,

repositories/auth_repository.go

@@ -12,13 +12,14 @@ type AuthRepository interface {
 	CreateUser(user *entity.User) error
 	FindUserByUsername(username string) (*entity.User, error)
 	FindUserByID(id uuid.UUID) (*entity.User, error)
-	RevokeToken(token string, expiresAt time.Time) error
-	IsTokenRevoked(token string) bool
 	StoreRefreshToken(userID uuid.UUID, token string, expiresAt time.Time) error
 	GetRefreshToken(token string) (*entity.RefreshToken, error)
 	RevokeRefreshToken(token string) error
+	RevokeAllUserRefreshTokens(userID uuid.UUID) error
 	UpdateUser(user *entity.User) error
 	DeleteUser(id uuid.UUID) error
+	GetSettings() (*entity.Settings, error)
+	SetRegistrationEnabled(enabled bool) error
 }
 
 type authRepository struct {
@@ -49,21 +50,6 @@ func (r *authRepository) FindUserByID(id uuid.UUID) (*entity.User, error) {
 	return &user, nil
 }
 
-func (r *authRepository) RevokeToken(token string, expiresAt time.Time) error {
-	revokedToken := entity.RevokedToken{
-		Token:     token,
-		RevokedAt: time.Now(),
-		ExpiresAt: expiresAt,
-	}
-	return r.db.Create(&revokedToken).Error
-}
-
-func (r *authRepository) IsTokenRevoked(token string) bool {
-	var count int64
-	r.db.Model(&entity.RevokedToken{}).Where("token = ?", token).Count(&count)
-	return count > 0
-}
-
 func (r *authRepository) StoreRefreshToken(userID uuid.UUID, token string, expiresAt time.Time) error {
 	refreshToken := entity.RefreshToken{
 		UserID:    userID,
@@ -86,6 +72,10 @@ func (r *authRepository) RevokeRefreshToken(token string) error {
 	return r.db.Where("token = ?", token).Delete(&entity.RefreshToken{}).Error
 }
 
+func (r *authRepository) RevokeAllUserRefreshTokens(userID uuid.UUID) error {
+	return r.db.Where("user_id = ?", userID).Delete(&entity.RefreshToken{}).Error
+}
+
 func (r *authRepository) UpdateUser(user *entity.User) error {
 	return r.db.Save(user).Error
 }
@@ -93,3 +83,22 @@ func (r *authRepository) UpdateUser(user *entity.User) error {
 func (r *authRepository) DeleteUser(id uuid.UUID) error {
 	return r.db.Delete(&entity.User{}, id).Error
 }
+
+func (r *authRepository) GetSettings() (*entity.Settings, error) {
+	var settings entity.Settings
+	if err := r.db.First(&settings).Error; err != nil {
+		settings = entity.Settings{ID: 1, RegistrationEnabled: true}
+		r.db.Create(&settings)
+	}
+	return &settings, nil
+}
+
+func (r *authRepository) SetRegistrationEnabled(enabled bool) error {
+	var settings entity.Settings
+	if err := r.db.First(&settings).Error; err != nil {
+		settings = entity.Settings{ID: 1, RegistrationEnabled: enabled}
+		return r.db.Create(&settings).Error
+	}
+	settings.RegistrationEnabled = enabled
+	return r.db.Save(&settings).Error
+}

router/admin_router.go

@@ -18,5 +18,7 @@ func AdminRouter(router *gin.Engine, controller provider.ControllerProvider, mid
 		routerGroup.POST("/create", adminController.CreateUser)
 		routerGroup.POST("/update", adminController.UpdateUser)
 		routerGroup.POST("/delete", adminController.DeleteUser)
+		routerGroup.GET("/register_enabled", adminController.RegisterEnabled)
+		routerGroup.POST("/set_registration", adminController.SetRegistrationEnabled)
 	}
 }

router/auth_router.go

@@ -1,8 +1,9 @@
 package router
 
 import (
-	"whatsapp-backend/provider"
 	models "whatsapp-backend/models/entity"
+	"whatsapp-backend/provider"
+
 	"github.com/gin-contrib/gzip"
 	"github.com/gin-gonic/gin"
 )
@@ -15,7 +16,7 @@ func AuthRouter(router *gin.Engine, controller provider.ControllerProvider, midd
 		routerGroup.POST("/register", authController.Register)
 		routerGroup.POST("/login", authController.Login)
 		routerGroup.POST("/logout", middleware.ProvideAuthMiddleware().RequireAuth(), authController.Logout)
-		routerGroup.POST("/refresh", middleware.ProvideAuthMiddleware().RequireAuth(), authController.RefreshToken)
+		routerGroup.POST("/refresh", authController.RefreshToken)
 		routerGroup.GET("/me", middleware.ProvideAuthMiddleware().RequireAuth(), authController.Me)
 		routerGroup.POST("/assign", middleware.ProvideAuthMiddleware().RequireAuth(), middleware.ProvideAuthMiddleware().RequireRole(models.RoleSuperAdmin), authController.AssignRole)
 	}

services/admin_service.go

@@ -1,6 +1,7 @@
 package services
 
 import (
+	"whatsapp-backend/config"
 	"whatsapp-backend/models/dto"
 	entity "whatsapp-backend/models/entity"
 	http_error "whatsapp-backend/models/error"
@@ -14,15 +15,19 @@ type AdminService interface {
 	CreateUser(req dto.CreateUserRequest) (*dto.UserResponse, error)
 	UpdateUser(req dto.UpdateUserRequest) (*dto.UserResponse, error)
 	DeleteUser(userID uuid.UUID) error
+	IsRegisterEnabled() bool
+	SetRegistrationEnabled(enabled bool) error
 }
 
 type adminService struct {
-	authRepo repositories.AuthRepository
+	authRepo  repositories.AuthRepository
+	envConfig config.EnvConfig
 }
 
-func NewAdminService(authRepo repositories.AuthRepository) AdminService {
+func NewAdminService(authRepo repositories.AuthRepository, envConfig config.EnvConfig) AdminService {
 	return &adminService{
-		authRepo: authRepo,
+		authRepo:  authRepo,
+		envConfig: envConfig,
 	}
 }
 
@@ -88,3 +93,15 @@ func (s *adminService) DeleteUser(userID uuid.UUID) error {
 	}
 	return s.authRepo.DeleteUser(userID)
 }
+
+func (s *adminService) IsRegisterEnabled() bool {
+	settings, _ := s.authRepo.GetSettings()
+	if settings == nil {
+		return true 
+	}
+	return settings.RegistrationEnabled
+}
+
+func (s *adminService) SetRegistrationEnabled(enabled bool) error {
+	return s.authRepo.SetRegistrationEnabled(enabled)
+}

services/auth_service.go

@@ -26,17 +26,25 @@ type authService struct {
 	authRepo       repositories.AuthRepository
 	connectionRepo repositories.ConnectionRepository
 	jwtConfig      config.JWTConfig
+	envConfig      config.EnvConfig
 }
 
-func NewAuthService(authRepo repositories.AuthRepository, connectionRepo repositories.ConnectionRepository, jwtConfig config.JWTConfig) AuthService {
+func NewAuthService(authRepo repositories.AuthRepository, connectionRepo repositories.ConnectionRepository, jwtConfig config.JWTConfig, envConfig config.EnvConfig) AuthService {
 	return &authService{
 		authRepo:       authRepo,
 		connectionRepo: connectionRepo,
 		jwtConfig:      jwtConfig,
+		envConfig:      envConfig,
 	}
 }
 
 func (s *authService) Register(req dto.RegisterRequest) (*dto.AuthResponse, error) {
+	// Check if registration is enabled
+	settings, _ := s.authRepo.GetSettings()
+	if settings != nil && !settings.RegistrationEnabled {
+		return nil, http_error.ERR_REGISTRATION_DISABLED
+	}
+
 	if _, err := s.authRepo.FindUserByUsername(req.Username); err == nil {
 		return nil, http_error.ERR_USER_ALREADY_EXISTS
 	}
@@ -66,12 +74,16 @@ func (s *authService) Register(req dto.RegisterRequest) (*dto.AuthResponse, erro
 		return nil, http_error.ERR_TOKEN_GENERATION_FAILED
 	}
 
+	// Revoke any existing refresh tokens for this user
+	_ = s.authRepo.RevokeAllUserRefreshTokens(user.ID)
+
 	if err := s.authRepo.StoreRefreshToken(user.ID, refreshToken, time.Now().Add(time.Hour*24*7)); err != nil {
 		return nil, err
 	}
 
 	return &dto.AuthResponse{
-		Token:        accessToken,
+		AccessToken:  accessToken,
+		SuccessMsg:   "Registration successful",
 		RefreshToken: refreshToken,
 		UserID:       user.ID,
 		Username:     user.Username,
@@ -98,12 +110,16 @@ func (s *authService) Login(req dto.LoginRequest) (*dto.AuthResponse, error) {
 		return nil, http_error.ERR_TOKEN_GENERATION_FAILED
 	}
 
+	// Revoke any existing refresh tokens for this user
+	_ = s.authRepo.RevokeAllUserRefreshTokens(user.ID)
+
 	if err := s.authRepo.StoreRefreshToken(user.ID, refreshToken, time.Now().Add(time.Hour*24*7)); err != nil {
 		return nil, err
 	}
 
 	return &dto.AuthResponse{
-		Token:        accessToken,
+		AccessToken:  accessToken,
+		SuccessMsg:   "Login successful",
 		RefreshToken: refreshToken,
 		UserID:       user.ID,
 		Username:     user.Username,
@@ -141,9 +157,6 @@ func (s *authService) GetMe(userID uuid.UUID) (*dto.MeResponse, error) {
 }
 
 func (s *authService) Logout(token, refreshToken string) error {
-	accessExpiresAt := time.Now().Add(time.Minute * 15)
-	_ = s.authRepo.RevokeToken(token, accessExpiresAt)
-
 	if refreshToken != "" {
 		return s.authRepo.RevokeRefreshToken(refreshToken)
 	}
@@ -166,7 +179,17 @@ func (s *authService) RefreshToken(refreshToken string) (string, string, error)
 		return "", "", http_error.ERR_TOKEN_GENERATION_FAILED
 	}
 
-	return newAccessToken, refreshToken, nil
+	// Only rotate refresh token if it's close to expiring (within 1 day)
+	newRefreshToken := ""
+	if time.Until(storedToken.ExpiresAt) < 24*time.Hour {
+		newRefreshToken, _ = utils.GenerateRefreshToken()
+		if newRefreshToken != "" {
+			_ = s.authRepo.RevokeRefreshToken(refreshToken)
+			_ = s.authRepo.StoreRefreshToken(user.ID, newRefreshToken, time.Now().Add(time.Hour*24*7))
+		}
+	}
+
+	return newAccessToken, newRefreshToken, nil
 }
 
 func (s *authService) AssignRole(userID uuid.UUID, role string) error {