Add token type to JWT claims for access/refresh distinction

- Add TokenType enum and include in Claims struct - GenerateRefreshToken now creates tokens with TokenRefresh type - AuthRequired middleware rejects refresh tokens - AuthService.Refresh validates token type - Tests verify type validation
2026-04-29 16:55:18 +08:00
parent 712171230b
commit b4ab864f80
6 changed files with 112 additions and 4 deletions
--- a/internal/service/auth.go
+++ b/internal/service/auth.go
@@ -109,6 +109,10 @@ func (s *AuthService) Refresh(ctx context.Context, refreshTokenStr string) (*Tok
 		return nil, fmt.Errorf("invalid token")
 	}

+	if claims.Type != auth.TokenRefresh {
+		return nil, fmt.Errorf("invalid token")
+	}
+
 	tokenHash := auth.HashToken(refreshTokenStr)
 	session, err := s.sessionRepo.FindByTokenHash(ctx, tokenHash)
 	if err != nil {