MyGO/mygo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add token type to JWT claims for access/refresh distinction

Browse Source 
- Add TokenType enum and include in Claims struct
- GenerateRefreshToken now creates tokens with TokenRefresh type
- AuthRequired middleware rejects refresh tokens
- AuthService.Refresh validates token type
- Tests verify type validation
This commit is contained in:
Sunday
2026-04-29 16:55:18 +08:00
parent 712171230b
commit b4ab864f80
6 changed files with 112 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
internal/auth/jwt.go
View File

@@ -8,10 +8,19 @@ import (
"github.com/google/uuid"
)
// Claims represents the JWT claims for MyGO access tokens.
// TokenType distinguishes access tokens from refresh tokens.
type TokenType string
const (
TokenAccess TokenType = "access"
TokenRefresh TokenType = "refresh"
)
// Claims represents the JWT claims for MyGO tokens.
type Claims struct {
jwt.RegisteredClaims
UserID string `json:"uid"`
UserID string `json:"uid"`
Type TokenType `json:"type"`
}
// GenerateAccessToken creates a signed JWT access token for a user.
@@ -24,6 +33,7 @@ func GenerateAccessToken(userID string, secret []byte, ttl time.Duration) (strin
ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
},
UserID: userID,
Type: TokenAccess,
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -35,9 +45,26 @@ func GenerateAccessToken(userID string, secret []byte, ttl time.Duration) (strin
return signed, nil
}
// GenerateRefreshToken creates a signed JWT refresh token.
// GenerateRefreshToken creates a signed JWT refresh token for a user.
func GenerateRefreshToken(userID string, secret []byte, ttl time.Duration) (string, error) {
return GenerateAccessToken(userID, secret, ttl)
now := time.Now()
claims := Claims{
RegisteredClaims: jwt.RegisteredClaims{
ID: uuid.NewString(),
IssuedAt: jwt.NewNumericDate(now),
ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
},
UserID: userID,
Type: TokenRefresh,
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
signed, err := token.SignedString(secret)
if err != nil {
return "", fmt.Errorf("sign token: %w", err)
}
return signed, nil
}
// ParseToken validates and parses a JWT token string.