init

internal/adapter/auth/jwt/jwt.go

@@ -0,0 +1,76 @@
+package jwt
+
+import (
+	"errors"
+	"time"
+
+	"github.com/aykhans/oh-my-chat/internal/core/domain"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+type JWTService struct {
+	key      string
+	duration time.Duration
+}
+
+type tokenPayload struct {
+	UserID uuid.UUID `json:"user_id,omitempty"`
+	jwt.RegisteredClaims
+}
+
+func NewJWTService(duration time.Duration, key string) *JWTService {
+	return &JWTService{
+		key:      key,
+		duration: duration,
+	}
+}
+
+func (jwtService *JWTService) CreateToken(
+	user *domain.User,
+) (string, error) {
+	token := jwt.NewWithClaims(
+		jwt.SigningMethodHS256,
+		&tokenPayload{
+			UserID: user.ID,
+			RegisteredClaims: jwt.RegisteredClaims{
+				ExpiresAt: jwt.NewNumericDate(
+					time.Now().Add(jwtService.duration),
+				),
+				Audience: jwt.ClaimStrings{"user"},
+				IssuedAt: jwt.NewNumericDate(time.Now()),
+			},
+		},
+	)
+
+	tokenStr, err := token.SignedString([]byte(jwtService.key))
+	if err != nil {
+		return "", domain.ErrTokenCreation
+	}
+
+	return tokenStr, nil
+}
+
+func (jwtService *JWTService) VerifyToken(
+	token string,
+) (*domain.AuthPayload, error) {
+	keyFunc := func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, domain.ErrInvalidToken
+		}
+		return []byte(jwtService.key), nil
+	}
+
+	parsedToken, err := jwt.ParseWithClaims(token, &tokenPayload{}, keyFunc)
+	if err != nil {
+		if errors.Is(err, jwt.ErrTokenExpired) {
+			return nil, domain.ErrExpiredToken
+		}
+		if errors.Is(err, jwt.ErrSignatureInvalid) {
+			return nil, domain.ErrInvalidToken
+		}
+		return nil, domain.ErrInternal
+	}
+	payload := parsedToken.Claims.(*tokenPayload)
+	return &domain.AuthPayload{UserID: payload.UserID}, nil
+}