feat: use JWT Subject

auth/claims.go

@@ -3,8 +3,7 @@ package auth
 import "github.com/golang-jwt/jwt/v5"
 
 type TokenClaims struct {
-	UserID string  `json:"user_id"`
+	Type  string  `json:"type"`
-	Type   string  `json:"type"`
+	ImpID *string `json:"imp_id,omitempty"`
-	ImpID  *string `json:"imp_id,omitempty"`
 	jwt.RegisteredClaims
 }

modules/auth/handlers/handlers.go

@@ -50,10 +50,10 @@ func CheckPassword(password, hash string) (bool, error) {
 func (s *Server) generateImpersonationToken(userID string, impersonatedBy string) (string, error) {
 	now := time.Now()
 	claims := auth.TokenClaims{
-		UserID: userID,
+		ImpID: &impersonatedBy,
-		ImpID:  &impersonatedBy,
+		Type:  "access",
-		Type:   "access",
 		RegisteredClaims: jwt.RegisteredClaims{
+			Subject:   userID,
 			IssuedAt:  jwt.NewNumericDate(now),
 			ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
 			ID:        generateJTI(),
@@ -69,9 +69,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
 
 	// Access token (15 мин)
 	accessClaims := auth.TokenClaims{
-		UserID: userID,
+		Type: "access",
-		Type:   "access",
 		RegisteredClaims: jwt.RegisteredClaims{
+			Subject:   userID,
 			IssuedAt:  jwt.NewNumericDate(now),
 			ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
 			ID:        generateJTI(),
@@ -85,9 +85,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
 
 	// Refresh token (7 дней)
 	refreshClaims := auth.TokenClaims{
-		UserID: userID,
+		Type: "refresh",
-		Type:   "refresh",
 		RegisteredClaims: jwt.RegisteredClaims{
+			Subject:   userID,
 			IssuedAt:  jwt.NewNumericDate(now),
 			ExpiresAt: jwt.NewNumericDate(now.Add(7 * 24 * time.Hour)),
 			ID:        generateJTI(),
@@ -154,7 +154,7 @@ func (s Server) PostSignIn(ctx context.Context, req auth.PostSignInRequestObject
 		return auth.PostSignIn401Response{}, nil
 	}
 
-	accessToken, refreshToken, csrfToken, err := s.generateTokens(req.Body.Nickname)
+	accessToken, refreshToken, csrfToken, err := s.generateTokens(fmt.Sprintf("%d", user.ID))
 	if err != nil {
 		log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
 		// TODO: return 500
@@ -260,7 +260,7 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
 	}
 
 	claims, ok := token.Claims.(*auth.TokenClaims)
-	if !ok || claims.UserID == "" {
+	if !ok || claims.Subject == "" {
 		log.Print("invalid refresh token claims")
 		return auth.RefreshTokens401Response{}, nil
 	}
@@ -269,9 +269,9 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
 		return auth.RefreshTokens401Response{}, nil
 	}
 
-	accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.UserID)
+	accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.Subject)
 	if err != nil {
-		log.Errorf("failed to generate tokens for user %s: %v", claims.UserID, err)
+		log.Errorf("failed to generate tokens for user %s: %v", claims.Subject, err)
 		return auth.RefreshTokens500Response{}, nil
 	}
 

modules/backend/middlewares/access.go

@@ -70,7 +70,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
 			return
 		}
 
-		if claims.UserID == "" {
+		if claims.Subject == "" {
 			abortWithJSON(c, http.StatusUnauthorized, "user_id claim missing or invalid")
 			return
 		}
@@ -80,7 +80,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
 		}
 
 		// 5. Сохраняем в контексте
-		c.Set("user_id", claims.UserID)
+		c.Set("user_id", claims.Subject)
 
 		// 6. Для oapi-codegen — кладём gin.Context в request context
 		GinContextToContext(c)