- Fix: replace repeated authorization checks in handlers with the new
MustGetUserID helper, which panics if the user ID is missing. This
simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
routes.
- Add TokenType enum and include in Claims struct
- GenerateRefreshToken now creates tokens with TokenRefresh type
- AuthRequired middleware rejects refresh tokens
- AuthService.Refresh validates token type
- Tests verify type validation