35 lines
945 B
Go
35 lines
945 B
Go
package domain
|
|
|
|
import (
|
|
"errors"
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
var ErrInvalidToken = errors.New("invalid token")
|
|
|
|
// Claims is the JWT payload (simplified from stand-alone token claims; numeric uid).
|
|
type Claims struct {
|
|
UID int64 `json:"uid"`
|
|
Roles []string `json:"roles"`
|
|
JTI string `json:"jti,omitempty"`
|
|
Kind string `json:"kind"` // access | refresh
|
|
jwt.RegisteredClaims
|
|
}
|
|
|
|
// TokenPair is returned to clients (access + refresh).
|
|
type TokenPair struct {
|
|
AccessToken string `json:"access_token"`
|
|
RefreshToken string `json:"refresh_token"`
|
|
TokenType string `json:"token_type"`
|
|
ExpiresIn int64 `json:"expires_in"`
|
|
}
|
|
|
|
// Issuer issues and validates JWT access/refresh pairs.
|
|
type Issuer interface {
|
|
Issue(uid int64, roles []string) (pair *TokenPair, refreshJTI string, refreshExp time.Time, err error)
|
|
ParseAccess(tokenStr string) (*Claims, error)
|
|
ParseRefresh(tokenStr string) (*Claims, error)
|
|
}
|