Fix: rotate access token and add test

middlewares/checkAccessToken.go

@@ -30,7 +30,8 @@ func refreshAccessToken(
 		return "", types.ContextNotExistError
 	}
 
-	session, err := db.GetSession(ctx, refreshTokenClaim.UserId)
+	session, err := db.GetSessionByUserId(ctx,
+		refreshTokenClaim.UserId)
 	if err != nil {
 		tracing.Logger.Ctx(ctx).
 			Warn("session not exist", zap.Error(err))
@@ -68,7 +69,7 @@ func (self *Handlers) CheckAccessToken(
 			if err != nil {
 				return HTTPError{
 					StatusCode:  http.StatusUnauthorized,
-					Message:     "access token refresh failed",
+					Message:     "failed to refresh access token",
 					OriginError: err,
 				}
 			}
@@ -86,7 +87,7 @@ func (self *Handlers) CheckAccessToken(
 			if err != nil {
 				return HTTPError{
 					StatusCode:  http.StatusUnauthorized,
-					Message:     "access token refresh failed",
+					Message:     "failed to refresh access token",
 					OriginError: err,
 				}
 			}

middlewares/checkRefreshToken.go

@@ -6,10 +6,12 @@ import (
 	"time"
 
 	"gitea.konchin.com/go2025/backend/models"
+	"gitea.konchin.com/go2025/backend/tracing"
 	"gitea.konchin.com/go2025/backend/types"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/spf13/viper"
 	"github.com/uptrace/bunrouter"
+	"go.uber.org/zap"
 )
 
 func (self *Handlers) CheckRefreshToken(
@@ -46,6 +48,10 @@ func (self *Handlers) CheckRefreshToken(
 			}
 		}
 
+		tracing.Logger.Ctx(ctx).
+			Debug("where is my fucking UserId",
+				zap.String("userId", claim.UserId))
+
 		// check time and refresh
 		timeLeft := claim.ExpiresAt.Time.Sub(time.Now()) / time.Second
 		if int64(timeLeft) < viper.GetInt64("refresh-token-timeout")/2 {