refactor: move Claims type from auth to new identity package
Extract Claims struct from auth/types.go into dedicated identity package for better separation of concerns. Update all imports and usages across auth service, token handling, and request context utilities.
@@ -6,6 +6,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"github.com/nexavpn/nexavpn/backend/internal/identity"
|
||||||
)
|
)
|
||||||
|
|
||||||
var ErrInvalidCredentials = errors.New("invalid credentials")
|
var ErrInvalidCredentials = errors.New("invalid credentials")
|
||||||
@@ -67,7 +69,7 @@ func (s *Service) Login(ctx context.Context, username, password, ipAddress, user
|
|||||||
return LoginResponse{}, err
|
return LoginResponse{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
|
access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
|
||||||
UserID: record.ID,
|
UserID: record.ID,
|
||||||
Username: record.Username,
|
Username: record.Username,
|
||||||
Role: record.Role,
|
Role: record.Role,
|
||||||
@@ -96,7 +98,7 @@ func (s *Service) Refresh(ctx context.Context, refreshToken string) (LoginRespon
|
|||||||
return LoginResponse{}, ErrInvalidCredentials
|
return LoginResponse{}, ErrInvalidCredentials
|
||||||
}
|
}
|
||||||
|
|
||||||
access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
|
access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
|
||||||
UserID: record.ID,
|
UserID: record.ID,
|
||||||
Username: record.Username,
|
Username: record.Username,
|
||||||
Role: record.Role,
|
Role: record.Role,
|
||||||
|
|||||||
@@ -8,6 +8,8 @@ import (
|
|||||||
|
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
|
||||||
|
"github.com/nexavpn/nexavpn/backend/internal/identity"
|
||||||
)
|
)
|
||||||
|
|
||||||
func NewRefreshToken() (plain string, hashed string, err error) {
|
func NewRefreshToken() (plain string, hashed string, err error) {
|
||||||
@@ -22,7 +24,7 @@ func NewRefreshToken() (plain string, hashed string, err error) {
|
|||||||
return plain, hashed, nil
|
return plain, hashed, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (string, error) {
|
func SignAccessToken(secret, issuer string, ttl time.Duration, claims identity.Claims) (string, error) {
|
||||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||||
"iss": issuer,
|
"iss": issuer,
|
||||||
"sub": claims.UserID.String(),
|
"sub": claims.UserID.String(),
|
||||||
@@ -36,8 +38,8 @@ func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (s
|
|||||||
return token.SignedString([]byte(secret))
|
return token.SignedString([]byte(secret))
|
||||||
}
|
}
|
||||||
|
|
||||||
func ParseAccessToken(secret string, tokenString string) (Claims, error) {
|
func ParseAccessToken(secret string, tokenString string) (identity.Claims, error) {
|
||||||
claims := Claims{}
|
claims := identity.Claims{}
|
||||||
|
|
||||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
||||||
return []byte(secret), nil
|
return []byte(secret), nil
|
||||||
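Review bot: ParseAccessToken's key callback returns `[]byte(secret)` without looking at the token's `alg` header, while SignAccessToken always signs with `jwt.SigningMethodHS256`. Unless a parser option is passed after the callback, outside this hunk, any HMAC variant the library supports would verify against the secret; adding `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` as an extra argument to `jwt.Parse` keeps verification matched to signing. The function also takes no issuer argument, so the `iss` value that SignAccessToken writes does not appear to be checked on this path; `jwt.WithIssuer(...)` would need the expected issuer passed in. The body of ParseAccessToken continues past the end of the hunk, so both points should be confirmed against the full function.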
|
|||||||
@@ -2,13 +2,6 @@ package auth
|
|||||||
|
|
||||||
import "github.com/google/uuid"
|
import "github.com/google/uuid"
|
||||||
|
|
||||||
type Claims struct {
|
|
||||||
UserID uuid.UUID `json:"user_id"`
|
|
||||||
Username string `json:"username"`
|
|
||||||
Role string `json:"role"`
|
|
||||||
Session uuid.UUID `json:"session_id"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LoginRequest struct {
|
type LoginRequest struct {
|
||||||
Username string `json:"username"`
|
Username string `json:"username"`
|
||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
|
|||||||
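--- a/backend/internal/identity/claims.go
+++ b/backend/internal/identity/claims.go
@@ -0,0 +1,10 @@
+package identity
+
+import "github.com/google/uuid"
+
+type Claims struct {
+UserID uuid.UUID `json:"user_id"`
+Username string `json:"username"`
+Role string `json:"role"`
+Session uuid.UUID `json:"session_id"`
+}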
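Review bot: The exported `Claims` type in the new identity package has no doc comment, and its `json` tags (`user_id`, `session_id`) differ from the token payload, which SignAccessToken builds as `jwt.MapClaims` with `iss` and `sub`. A comment such as `// Claims is the caller identity returned by ParseAccessToken and stored in the request context; it is not the JWT wire format.` would stop a reader from assuming the struct is what gets signed. `Role` is a plain `string`, so a note on where the allowed values are defined (or a named type) would help anyone writing an authorization check against it.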
@@ -5,19 +5,19 @@ import (
|
|||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
|
|
||||||
"github.com/nexavpn/nexavpn/backend/internal/auth"
|
"github.com/nexavpn/nexavpn/backend/internal/identity"
|
||||||
)
|
)
|
||||||
|
|
||||||
type contextKey string
|
type contextKey string
|
||||||
|
|
||||||
const claimsKey contextKey = "claims"
|
const claimsKey contextKey = "claims"
|
||||||
|
|
||||||
func WithClaims(ctx context.Context, claims auth.Claims) context.Context {
|
func WithClaims(ctx context.Context, claims identity.Claims) context.Context {
|
||||||
return context.WithValue(ctx, claimsKey, claims)
|
return context.WithValue(ctx, claimsKey, claims)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {
|
func ClaimsFromContext(ctx context.Context) (identity.Claims, bool) {
|
||||||
claims, ok := ctx.Value(claimsKey).(auth.Claims)
|
claims, ok := ctx.Value(claimsKey).(identity.Claims)
|
||||||
return claims, ok
|
return claims, ok
|
||||||
}
|
}
|
||||||
|
|
||||||
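Review bot: `WithClaims` and `ClaimsFromContext` are exported without doc comments, and `ClaimsFromContext` returns a zero-valued `identity.Claims` (nil UUID, empty `Role`) when the type assertion fails. A comment on it, e.g. `// ClaimsFromContext returns the claims stored by WithClaims; ok is false when none are present and the caller must treat the request as unauthenticated.`, makes the fail-closed expectation explicit for handlers. Since both helpers now depend only on the identity package, they may belong next to the type, but that is a layout choice.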
|
|||||||