refactor(auth): split IAM module and add access/refresh session flow

2026-03-01 21:26:37 +08:00
parent 6a2d2c9724
commit 57c27e9102
13 changed files with 1377 additions and 345 deletions
--- a/internal/iam/types.go
+++ b/internal/iam/types.go
@@ -0,0 +1,77 @@
+package iam
+
+import (
+	"errors"
+	"time"
+)
+
+const (
+	ContextUserIDKey    = "user_id"
+	ContextSessionIDKey = "session_id"
+	ContextJTIKey       = "jti"
+)
+
+type tokenKind string
+
+const (
+	tokenKindAccess  tokenKind = "access"
+	tokenKindRefresh tokenKind = "refresh"
+)
+
+type accessClaims struct {
+	UserID    int64     `json:"uid"`
+	SessionID string    `json:"sid"`
+	JTI       string    `json:"jti"`
+	IssuedAt  int64     `json:"iat"`
+	ExpiresAt int64     `json:"exp"`
+	Type      tokenKind `json:"typ"`
+}
+
+type refreshClaims struct {
+	UserID    int64     `json:"uid"`
+	SessionID string    `json:"sid"`
+	RefreshID string    `json:"rid"`
+	IssuedAt  int64     `json:"iat"`
+	ExpiresAt int64     `json:"exp"`
+	Type      tokenKind `json:"typ"`
+}
+
+type Session struct {
+	ID         string     `json:"id"`
+	UserID     int64      `json:"user_id"`
+	DeviceInfo string     `json:"device_info"`
+	IP         string     `json:"ip"`
+	UserAgent  string     `json:"user_agent"`
+	CreatedAt  time.Time  `json:"created_at"`
+	ExpiresAt  time.Time  `json:"expires_at"`
+	RevokedAt  *time.Time `json:"revoked_at,omitempty"`
+}
+
+type tokenPair struct {
+	AccessToken        string
+	AccessTokenExpires time.Time
+	RefreshToken       string
+	SessionID          string
+}
+
+type requestMeta struct {
+	IP         string
+	UserAgent  string
+	DeviceInfo string
+}
+
+type AuthResult struct {
+	AccessToken string `json:"access_token"`
+	ExpiresIn   int64  `json:"expires_in"`
+	SessionID   string `json:"session_id"`
+}
+
+var (
+	errInvalidToken       = errors.New("invalid token")
+	errTokenExpired       = errors.New("token expired")
+	errInvalidCredentials = errors.New("invalid credentials")
+	errAlreadyExists      = errors.New("already exists")
+	errSessionRevoked     = errors.New("session revoked")
+	errUnauthorized       = errors.New("unauthorized")
+	errForbidden          = errors.New("forbidden")
+)