diff --git a/auth/claims.go b/auth/claims.go
index d888a1b..6a97483 100644
--- a/auth/claims.go
+++ b/auth/claims.go
@@ -3,8 +3,7 @@ package auth
 import "github.com/golang-jwt/jwt/v5"
 
 type TokenClaims struct {
- UserID string `json:"user_id"`
- Type string `json:"type"`
- ImpID *string `json:"imp_id,omitempty"`
+ Type string `json:"type"`
+ ImpID *string `json:"imp_id,omitempty"`
 jwt.RegisteredClaims
 }
diff --git a/modules/auth/handlers/handlers.go b/modules/auth/handlers/handlers.go
index 4f67448..1813035 100644
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@@ -50,10 +50,10 @@ func CheckPassword(password, hash string) (bool, error) {
 func (s *Server) generateImpersonationToken(userID string, impersonatedBy string) (string, error) {
 now := time.Now()
 claims := auth.TokenClaims{
- UserID: userID,
- ImpID: &impersonatedBy,
- Type: "access",
+ ImpID: &impersonatedBy,
+ Type: "access",
 RegisteredClaims: jwt.RegisteredClaims{
+ Subject: userID,
 IssuedAt: jwt.NewNumericDate(now),
 ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
 ID: generateJTI(),
@@ -69,9 +69,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
 
 // Access token (15 мин)
 accessClaims := auth.TokenClaims{
- UserID: userID,
- Type: "access",
+ Type: "access",
 RegisteredClaims: jwt.RegisteredClaims{
+ Subject: userID,
 IssuedAt: jwt.NewNumericDate(now),
 ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
 ID: generateJTI(),
@@ -85,9 +85,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
 
 // Refresh token (7 дней)
 refreshClaims := auth.TokenClaims{
- UserID: userID,
- Type: "refresh",
+ Type: "refresh",
 RegisteredClaims: jwt.RegisteredClaims{
+ Subject: userID,
 IssuedAt: jwt.NewNumericDate(now),
 ExpiresAt: jwt.NewNumericDate(now.Add(7 * 24 * time.Hour)),
 ID: generateJTI(),
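Review bot: In auth/claims.go, `TokenClaims` has no doc comment, and with `UserID` removed nothing on the type says where the user identity now lives. A comment such as `// TokenClaims is the JWT payload; the user is identified by RegisteredClaims.Subject ("sub"), ImpID holds the impersonating account.` would make the contract explicit. Tokens issued before this commit carry `user_id` and no `sub`, so they decode with an empty Subject and are rejected by the `claims.Subject == ""` checks in handlers.go and access.go. That fails closed, but it ends every existing session, including refresh tokens with up to 7 days left, and is worth stating in the commit description.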
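Review bot: In generateImpersonationToken (modules/auth/handlers/handlers.go), `Subject: userID` takes whatever string the caller passes, and the call sites are not part of this diff. PostSignIn now issues tokens whose `sub` is the decimal `user.ID`, so a caller that still passes a nickname here would mint tokens in a different identifier namespace, and a nickname made only of digits could then be read downstream as another account's ID. I would document the parameter, e.g. `// userID is the decimal string of the numeric user ID, the same value PostSignIn puts in sub.`, and verify each call site, including what is passed as `impersonatedBy` for `imp_id`. The function body continues past the end of the hunk.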
@@ -154,7 +154,7 @@ func (s Server) PostSignIn(ctx context.Context, req auth.PostSignInRequestObject
 return auth.PostSignIn401Response{}, nil
 }
 
- accessToken, refreshToken, csrfToken, err := s.generateTokens(req.Body.Nickname)
+ accessToken, refreshToken, csrfToken, err := s.generateTokens(fmt.Sprintf("%d", user.ID))
 if err != nil {
 log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
 // TODO: return 500
@@ -260,7 +260,7 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
 }
 
 claims, ok := token.Claims.(*auth.TokenClaims)
- if !ok || claims.UserID == "" {
+ if !ok || claims.Subject == "" {
 log.Print("invalid refresh token claims")
 return auth.RefreshTokens401Response{}, nil
 }
@@ -269,9 +269,9 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
 return auth.RefreshTokens401Response{}, nil
 }
 
- accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.UserID)
+ accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.Subject)
 if err != nil {
- log.Errorf("failed to generate tokens for user %s: %v", claims.UserID, err)
+ log.Errorf("failed to generate tokens for user %s: %v", claims.Subject, err)
 return auth.RefreshTokens500Response{}, nil
 }
 
diff --git a/modules/backend/middlewares/access.go b/modules/backend/middlewares/access.go
index 8e787f8..9b15f8f 100644
--- a/modules/backend/middlewares/access.go
+++ b/modules/backend/middlewares/access.go
@@ -70,7 +70,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
 return
 }
 
- if claims.UserID == "" {
+ if claims.Subject == "" {
 abortWithJSON(c, http.StatusUnauthorized, "user_id claim missing or invalid")
 return
 }
@@ -80,7 +80,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
 }
 
 // 5. Сохраняем в контексте
- c.Set("user_id", claims.UserID)
+ c.Set("user_id", claims.Subject)
 
 // 6. Для oapi-codegen — кладём gin.Context в request context
 GinContextToContext(c)
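Review bot: `s.generateTokens(fmt.Sprintf("%d", user.ID))` in PostSignIn changes the identity carried in the token from the nickname to the numeric ID, and the middleware in access.go hands that value on as `user_id` in the gin context. Handlers that read `user_id` and treat it as a nickname are outside this diff and need to be checked, because a lookup with the wrong kind of key either fails or, if digit-only nicknames are allowed, resolves to a different account. The error log just below still identifies the user by `req.Body.Nickname` while RefreshTokens logs `claims.Subject`; logging the ID here too, `log.Errorf("failed to generate tokens for user %d: %v", user.ID, err)`, keeps the two entries correlatable.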
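Review bot: `claims.Subject == ""` in RefreshTokens accepts any non-empty string, yet after this commit `sub` is meant to be the decimal user ID written by PostSignIn. Checking the format at this trust boundary, e.g. `if _, perr := strconv.ParseInt(claims.Subject, 10, 64); perr != nil { return auth.RefreshTokens401Response{}, nil }`, would reject a token minted by any issuer path that still passes a nickname, instead of re-issuing it for another 7 days in the next hunk. The width and signedness of the ID type are not visible here, so the parse call should match the real type. The guard `if claims.Subject == ""` in JWTAuthMiddleware (access.go) would benefit from the same check; RefreshTokens continues outside this hunk.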
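Review bot: The 401 body in JWTAuthMiddleware still reads `"user_id claim missing or invalid"` although the condition now tests `claims.Subject`, that is the `sub` claim, so anyone debugging a rejected token is pointed at the wrong claim. I would change the message to `"sub claim missing or invalid"`. In the following hunk the context key stays `user_id`, which keeps callers working, but a comment there such as `// user_id holds the token's sub: the decimal user ID, not the nickname` would record the change of meaning.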