Add token type to JWT claims for access/refresh distinction

- Add TokenType enum and include in Claims struct - GenerateRefreshToken now creates tokens with TokenRefresh type - AuthRequired middleware rejects refresh tokens - AuthService.Refresh validates token type - Tests verify type validation
2026-04-29 16:55:18 +08:00
parent 712171230b
commit b4ab864f80
6 changed files with 112 additions and 4 deletions
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -37,6 +37,12 @@ func AuthRequired(jwtSecret []byte) gin.HandlerFunc {
 			return
 		}

+		if claims.Type != auth.TokenAccess {
+			api.Error(c, http.StatusUnauthorized, "invalid token type")
+			c.Abort()
+			return
+		}
+
 		c.Set(userIDKey, claims.UserID)
 		c.Next()
 	}