template-monorepo/internal/model/auth/config/config.go

package config

// Config is auth module settings (embedded in gateway root config).
type Config struct {
	AccessExpire  int64  `json:",optional"`
	RefreshExpire int64  `json:",optional"`
	ActiveKID     string `json:",optional"`
	AccessSecret  string `json:",optional,env=JWT_ACCESS_SECRET"`
	RefreshSecret string `json:",optional,env=JWT_REFRESH_SECRET"`
	// RegistrationSessionTTLSeconds is used by register/social flow (PR 6).
	RegistrationSessionTTLSeconds int `json:",optional"`
}

// Defaults returns zero-value-safe defaults.
func (c Config) Defaults() Config {
	if c.AccessExpire <= 0 {
		c.AccessExpire = 900
	}
	if c.RefreshExpire <= 0 {
		c.RefreshExpire = 604800
	}
	if c.ActiveKID == "" {
		c.ActiveKID = "v1"
	}
	if c.RegistrationSessionTTLSeconds <= 0 {
		c.RegistrationSessionTTLSeconds = 600
	}
	return c
}

// Enabled reports whether JWT signing is configured.
func (c Config) Enabled() bool {
	c = c.Defaults()
	return c.AccessSecret != "" && c.RefreshSecret != ""
}
feat(auth): add unified registration/login module with Zitadel + lint cleanup - Introduce auth module: handlers, logic, domain/repository/usecase, JWT middleware, and Zitadel OIDC client (password + authorization code + userinfo + JWKS verification) - Wire member rate-limit, structured errors, and refactored member/ notification usecases (introduce shared errors, drop repo_errors.go) - Bring the codebase to zero golangci-lint issues: * goimports formatting * errcheck on io.ReadAll/Unlock cleanup paths * contextcheck: HandlerContext now takes (ctx, http.Request) gocritic: rename shadowed `max`, use http.NoBody * goconst: extract test fixtures and bsonOpSet * testifylint: switch to assert inside httptest handlers Co-authored-by: Cursor <cursoragent@cursor.com> 2026-05-21 06:45:35 +00:00			`package config`

			`// Config is auth module settings (embedded in gateway root config).`
			`type Config struct {`
			AccessExpire int64 `json:",optional"`
			RefreshExpire int64 `json:",optional"`
			ActiveKID string `json:",optional"`
			AccessSecret string `json:",optional,env=JWT_ACCESS_SECRET"`
			RefreshSecret string `json:",optional,env=JWT_REFRESH_SECRET"`
			`// RegistrationSessionTTLSeconds is used by register/social flow (PR 6).`
			RegistrationSessionTTLSeconds int `json:",optional"`
			`}`

			`// Defaults returns zero-value-safe defaults.`
			`func (c Config) Defaults() Config {`
			`if c.AccessExpire <= 0 {`
			`c.AccessExpire = 900`
			`}`
			`if c.RefreshExpire <= 0 {`
			`c.RefreshExpire = 604800`
			`}`
			`if c.ActiveKID == "" {`
			`c.ActiveKID = "v1"`
			`}`
			`if c.RegistrationSessionTTLSeconds <= 0 {`
			`c.RegistrationSessionTTLSeconds = 600`
			`}`
			`return c`
			`}`

			`// Enabled reports whether JWT signing is configured.`
			`func (c Config) Enabled() bool {`
			`c = c.Defaults()`
			`return c.AccessSecret != "" && c.RefreshSecret != ""`
			`}`