Implement Refresh Token Authentication API #65

Merged
merged 12 commits into from
Feb 13, 2025

Conversation

@kimitrii kimitrii (Owner) commented Feb 13, 2025

Changes Made

This PR introduces the Refresh Token authentication API. It allows the refreshing of expired access tokens by submitting both the expired access token and the refresh token. Upon successful security validation and token match, the provided refresh token will be revoked, and new refresh and access tokens will be generated. The new refresh token will be set as an HttpOnly cookie in the response, enhancing security by preventing client-side access. This update improves the overall security of the authentication process and helps prevent the following attacks:

  • Cross-Site Scripting (XSS): By storing the refresh token in an HttpOnly cookie, it is inaccessible to JavaScript on the client-side, protecting it from XSS attacks.
  • Replay Attacks: The refresh token is revoked and replaced upon use, preventing replay attacks where the token could be reused by an attacker.
  • Man-in-the-Middle (MitM) Attacks: Secure connections (HTTPS) protect the refresh token from interception by attackers during transmission.
  • Cross-Site Request Forgery (CSRF): The HttpOnly cookie ensures that the refresh token is automatically sent only to the trusted domain, reducing the risk of CSRF attacks.

Additionally, the @cloudflare/workers-types and wrangler packages were updated to fix the package issue:

  • Esbuild enables any website to send any requests to the development server and read the response.

Changes Type

  • Bug fix
  • New feature

Checklist:

  • The changes do not generate new error logs or warnings.
  • I have added tests that prove the fix or new feature works as expected.
  • Both new and existing tests pass locally.

@kimitrii kimitrii changed the title Fix esbuild enables any website to send any requests to the development server and read the response Implement Refresh Token Authentication API Feb 13, 2025
@kimitrii kimitrii merged commit 9b50a54 into main Feb 13, 2025
3 checks passed