refactor: move Claims type from auth to new identity package

Extract Claims struct from auth/types.go into dedicated identity package for better separation of concerns. Update all imports and usages across auth service, token handling, and request context utilities.
2026-03-15 16:39:02 +01:00
parent 298d301ce8
commit 8f73dd3321
5 changed files with 23 additions and 16 deletions
--- a/backend/internal/auth/service.go
+++ b/backend/internal/auth/service.go
@@ -6,6 +6,8 @@ import (
 	"time"

 	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/identity"
 )

 var ErrInvalidCredentials = errors.New("invalid credentials")
@@ -67,7 +69,7 @@ func (s *Service) Login(ctx context.Context, username, password, ipAddress, user
 		return LoginResponse{}, err
 	}

-	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 		UserID:   record.ID,
 		Username: record.Username,
 		Role:     record.Role,
@@ -96,7 +98,7 @@ func (s *Service) Refresh(ctx context.Context, refreshToken string) (LoginRespon
 		return LoginResponse{}, ErrInvalidCredentials
 	}

-	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 		UserID:   record.ID,
 		Username: record.Username,
 		Role:     record.Role,
--- a/backend/internal/auth/token.go
+++ b/backend/internal/auth/token.go
@@ -8,6 +8,8 @@ import (

 	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/identity"
 )

 func NewRefreshToken() (plain string, hashed string, err error) {
@@ -22,7 +24,7 @@ func NewRefreshToken() (plain string, hashed string, err error) {
 	return plain, hashed, nil
 }

-func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (string, error) {
+func SignAccessToken(secret, issuer string, ttl time.Duration, claims identity.Claims) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"iss":        issuer,
 		"sub":        claims.UserID.String(),
@@ -36,8 +38,8 @@ func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (s
 	return token.SignedString([]byte(secret))
 }

-func ParseAccessToken(secret string, tokenString string) (Claims, error) {
-	claims := Claims{}
+func ParseAccessToken(secret string, tokenString string) (identity.Claims, error) {
+	claims := identity.Claims{}

 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
 		return []byte(secret), nil
--- a/backend/internal/auth/types.go
+++ b/backend/internal/auth/types.go
@@ -2,13 +2,6 @@ package auth

 import "github.com/google/uuid"

-type Claims struct {
-	UserID   uuid.UUID `json:"user_id"`
-	Username string    `json:"username"`
-	Role     string    `json:"role"`
-	Session  uuid.UUID `json:"session_id"`
-}
-
 type LoginRequest struct {
 	Username string `json:"username"`
 	Password string `json:"password"`