From 8f73dd3321a0e40d193042b2df8254c2d152da69 Mon Sep 17 00:00:00 2001
From: nessi
Date: Sun, 15 Mar 2026 16:39:02 +0100
Subject: [PATCH] refactor: move Claims type from auth to new identity package

Extract Claims struct from auth/types.go into dedicated identity package for better separation of concerns. Update all imports and usages across auth service, token handling, and request context utilities.
---
 backend/internal/auth/service.go | 6 ++++--
 backend/internal/auth/token.go | 8 +++++---
 backend/internal/auth/types.go | 7 -------
 backend/internal/identity/claims.go | 10 ++++++++++
 backend/internal/requestctx/context.go | 8 ++++----
 5 files changed, 23 insertions(+), 16 deletions(-)
 create mode 100644 backend/internal/identity/claims.go

diff --git a/backend/internal/auth/service.go b/backend/internal/auth/service.go
index 28df325..d038aff 100644
--- a/backend/internal/auth/service.go
+++ b/backend/internal/auth/service.go
@@ -6,6 +6,8 @@ import (
 "time"

 "github.com/google/uuid"
+
+ "github.com/nexavpn/nexavpn/backend/internal/identity"
 )

 var ErrInvalidCredentials = errors.New("invalid credentials")
@@ -67,7 +69,7 @@ func (s *Service) Login(ctx context.Context, username, password, ipAddress, user
 return LoginResponse{}, err
 }

- access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+ access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 UserID: record.ID,
 Username: record.Username,
 Role: record.Role,
@@ -96,7 +98,7 @@ func (s *Service) Refresh(ctx context.Context, refreshToken string) (LoginRespon
 return LoginResponse{}, ErrInvalidCredentials
 }

- access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+ access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 UserID: record.ID,
 Username: record.Username,
 Role: record.Role,
diff --git a/backend/internal/auth/token.go b/backend/internal/auth/token.go
index a24c76a..126810b 100644
--- a/backend/internal/auth/token.go
+++ b/backend/internal/auth/token.go
@@ -8,6 +8,8 @@ import (

 "github.com/golang-jwt/jwt/v5"
 "github.com/google/uuid"
+
+ "github.com/nexavpn/nexavpn/backend/internal/identity"
 )

 func NewRefreshToken() (plain string, hashed string, err error) {
@@ -22,7 +24,7 @@ func NewRefreshToken() (plain string, hashed string, err error) {
 return plain, hashed, nil
 }

-func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (string, error) {
+func SignAccessToken(secret, issuer string, ttl time.Duration, claims identity.Claims) (string, error) {
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 "iss": issuer,
 "sub": claims.UserID.String(),
@@ -36,8 +38,8 @@ func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (s
 return token.SignedString([]byte(secret))
 }

-func ParseAccessToken(secret string, tokenString string) (Claims, error) {
- claims := Claims{}
+func ParseAccessToken(secret string, tokenString string) (identity.Claims, error) {
+ claims := identity.Claims{}

 token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
 return []byte(secret), nil
diff --git a/backend/internal/auth/types.go b/backend/internal/auth/types.go
index 5abfa53..5f9d69c 100644
--- a/backend/internal/auth/types.go
+++ b/backend/internal/auth/types.go
@@ -2,13 +2,6 @@ package auth

 import "github.com/google/uuid"

-type Claims struct {
- UserID uuid.UUID `json:"user_id"`
- Username string `json:"username"`
- Role string `json:"role"`
- Session uuid.UUID `json:"session_id"`
-}
-
 type LoginRequest struct {
 Username string `json:"username"`
 Password string `json:"password"`
diff --git a/backend/internal/identity/claims.go b/backend/internal/identity/claims.go
new file mode 100644
index 0000000..664431f
--- /dev/null
+++ b/backend/internal/identity/claims.go
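Review bot: In backend/internal/auth/token.go, `ParseAccessToken` hands `jwt.Parse` a key function whose first statement returns the HMAC secret without looking at the token's `alg` header, and the part of the call visible in this hunk does not pin the accepted signing method. Since `SignAccessToken` always signs with `jwt.SigningMethodHS256`, the parser should accept only that method, for example by passing `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` as a parser option to `jwt.Parse`. The function also takes no issuer argument, so the `iss` claim written at signing time cannot be checked here with `jwt.WithIssuer`; it is worth confirming that it is verified somewhere. The rest of the function lies outside the hunk, so an option or check may already exist further down.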
@@ -0,0 +1,10 @@
+package identity
+
+import "github.com/google/uuid"
+
+type Claims struct {
+ UserID uuid.UUID `json:"user_id"`
+ Username string `json:"username"`
+ Role string `json:"role"`
+ Session uuid.UUID `json:"session_id"`
+}
diff --git a/backend/internal/requestctx/context.go b/backend/internal/requestctx/context.go
index a2c56eb..0a42141 100644
--- a/backend/internal/requestctx/context.go
+++ b/backend/internal/requestctx/context.go
@@ -5,19 +5,19 @@ import (

 "github.com/google/uuid"

- "github.com/nexavpn/nexavpn/backend/internal/auth"
+ "github.com/nexavpn/nexavpn/backend/internal/identity"
 )

 type contextKey string

 const claimsKey contextKey = "claims"

-func WithClaims(ctx context.Context, claims auth.Claims) context.Context {
+func WithClaims(ctx context.Context, claims identity.Claims) context.Context {
 return context.WithValue(ctx, claimsKey, claims)
 }

-func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {
- claims, ok := ctx.Value(claimsKey).(auth.Claims)
+func ClaimsFromContext(ctx context.Context) (identity.Claims, bool) {
+ claims, ok := ctx.Value(claimsKey).(identity.Claims)
 return claims, ok
 }
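Review bot: The new `identity` package and its exported `Claims` type in backend/internal/identity/claims.go have no doc comments, which matters here because this diff shows the struct is what `requestctx` stores per request and what `ParseAccessToken` returns. I would add a package comment, `// Package identity defines the authenticated principal shared by the auth and requestctx packages.`, and above the type `// Claims describes the caller identified by an access token; values are trustworthy only when they come from a token that passed validation.` `Role` is a plain `string`, so a one-line comment naming where the permitted role values are defined would help callers avoid comparing against ad-hoc literals.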
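Review bot: `ClaimsFromContext` in backend/internal/requestctx/context.go returns a zero `identity.Claims` together with `false` when nothing was stored under `claimsKey`, and neither it nor `WithClaims` documents that contract. A zero value has an empty `Role` and nil UUIDs, so a caller that ignores the boolean would presumably carry on with an unauthenticated identity. I would add `// ClaimsFromContext returns the claims stored by WithClaims; ok is false when the context carries none, and callers must treat that as unauthenticated.` above the function, plus a matching one-line comment on `WithClaims`.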