refactor: move Claims type from auth to new identity package

Extract Claims struct from auth/types.go into dedicated identity package for better separation of concerns. Update all imports and usages across auth service, token handling, and request context utilities.

backend/internal/auth/service.go

@@ -6,6 +6,8 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/identity"
 )
 
 var ErrInvalidCredentials = errors.New("invalid credentials")
@@ -67,7 +69,7 @@ func (s *Service) Login(ctx context.Context, username, password, ipAddress, user
 		return LoginResponse{}, err
 	}
 
-	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 		UserID:   record.ID,
 		Username: record.Username,
 		Role:     record.Role,
@@ -96,7 +98,7 @@ func (s *Service) Refresh(ctx context.Context, refreshToken string) (LoginRespon
 		return LoginResponse{}, ErrInvalidCredentials
 	}
 
-	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, Claims{
+	access, err := SignAccessToken(s.jwtSecret, s.jwtIssuer, s.accessTokenTTL, identity.Claims{
 		UserID:   record.ID,
 		Username: record.Username,
 		Role:     record.Role,

backend/internal/auth/token.go

@@ -8,6 +8,8 @@ import (
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
+
+	"github.com/nexavpn/nexavpn/backend/internal/identity"
 )
 
 func NewRefreshToken() (plain string, hashed string, err error) {
@@ -22,7 +24,7 @@ func NewRefreshToken() (plain string, hashed string, err error) {
 	return plain, hashed, nil
 }
 
-func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (string, error) {
+func SignAccessToken(secret, issuer string, ttl time.Duration, claims identity.Claims) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 		"iss":        issuer,
 		"sub":        claims.UserID.String(),
@@ -36,8 +38,8 @@ func SignAccessToken(secret, issuer string, ttl time.Duration, claims Claims) (s
 	return token.SignedString([]byte(secret))
 }
 
-func ParseAccessToken(secret string, tokenString string) (Claims, error) {
-	claims := Claims{}
+func ParseAccessToken(secret string, tokenString string) (identity.Claims, error) {
+	claims := identity.Claims{}
 
 	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
 		return []byte(secret), nil

backend/internal/auth/types.go

@@ -2,13 +2,6 @@ package auth
 
 import "github.com/google/uuid"
 
-type Claims struct {
-	UserID   uuid.UUID `json:"user_id"`
-	Username string    `json:"username"`
-	Role     string    `json:"role"`
-	Session  uuid.UUID `json:"session_id"`
-}
-
 type LoginRequest struct {
 	Username string `json:"username"`
 	Password string `json:"password"`

backend/internal/identity/claims.go

@@ -0,0 +1,10 @@
+package identity
+
+import "github.com/google/uuid"
+
+type Claims struct {
+	UserID   uuid.UUID `json:"user_id"`
+	Username string    `json:"username"`
+	Role     string    `json:"role"`
+	Session  uuid.UUID `json:"session_id"`
+}

backend/internal/requestctx/context.go

@@ -5,19 +5,19 @@ import (
 
 	"github.com/google/uuid"
 
-	"github.com/nexavpn/nexavpn/backend/internal/auth"
+	"github.com/nexavpn/nexavpn/backend/internal/identity"
 )
 
 type contextKey string
 
 const claimsKey contextKey = "claims"
 
-func WithClaims(ctx context.Context, claims auth.Claims) context.Context {
+func WithClaims(ctx context.Context, claims identity.Claims) context.Context {
 	return context.WithValue(ctx, claimsKey, claims)
 }
 
-func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {
-	claims, ok := ctx.Value(claimsKey).(auth.Claims)
+func ClaimsFromContext(ctx context.Context) (identity.Claims, bool) {
+	claims, ok := ctx.Value(claimsKey).(identity.Claims)
 	return claims, ok
 }