From fb49163803c32bf4cc06cae4d949d7173beb59a0 Mon Sep 17 00:00:00 2001
From: Habib Fatkhul Rohman
Date: Tue, 21 Oct 2025 15:05:10 +0700
Subject: [PATCH] Enhance JWT service to include role ID in access token generation and user token info
---
 .../auth/repository/refresh_token_repository.go | 5 ++++-
 modules/auth/service/jwt_service.go | 16 +++++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/modules/auth/repository/refresh_token_repository.go b/modules/auth/repository/refresh_token_repository.go
index f97a4ee..317441d 100644
--- a/modules/auth/repository/refresh_token_repository.go
+++ b/modules/auth/repository/refresh_token_repository.go
@@ -51,7 +51,10 @@ func (r *refreshTokenRepository) FindByToken(ctx context.Context, tx *gorm.DB, t
 }

 var refreshToken entities.RefreshToken
- if err := tx.WithContext(ctx).Where("token = ?", token).Preload("User").Take(&refreshToken).Error; err != nil {
+ if err := tx.WithContext(ctx).
+ Preload("User").
+ Preload("User.UserRoles.Role").
+ Take(&refreshToken).Error; err != nil {
 return entities.RefreshToken{}, err
 }

diff --git a/modules/auth/service/jwt_service.go b/modules/auth/service/jwt_service.go
index b953bd0..6672e19 100644
--- a/modules/auth/service/jwt_service.go
+++ b/modules/auth/service/jwt_service.go
@@ -14,10 +14,11 @@ import (
 type UserTokenInfo struct {
 ClientID string `json:"client_id"`
 UserID string `json:"user_id"`
+ RoleID string `json:"role_id"`
 }

 type JWTService interface {
- GenerateAccessToken(clientId string, userId string) string
+ GenerateAccessToken(clientId string, userId string, roleId string) string
 GenerateRefreshToken() (string, time.Time)
 ValidateToken(token string) (*jwt.Token, error)
 GetUserIDByToken(token string) (*UserTokenInfo, error)
@@ -26,6 +27,7 @@ type JWTService interface {
 type jwtCustomClaim struct {
 ClientID string `json:"client_id"`
 UserID string `json:"user_id"`
+ RoleID string `json:"role_id"`
 jwt.RegisteredClaims
 }

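Review bot: The rewritten query in FindByToken (refresh_token_repository.go) no longer contains `Where("token = ?", token)`, so `Take` returns whichever refresh-token row the database yields first rather than the row matching the presented token. As written, any string passed in would resolve to some stored token and its user, which removes the lookup's value as an authentication check. Restore the filter ahead of the preloads: `if err := tx.WithContext(ctx).Where("token = ?", token).` followed by the two `Preload` calls. The function begins and ends outside the hunk, so this assumes no filter is applied to `tx` in the lines not shown.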
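Review bot: The new `roleId string` parameter on `JWTService.GenerateAccessToken` (jwt_service.go, first hunk) carries exactly one role, while the repository change in this commit preloads `User.UserRoles.Role`, which suggests a user can hold several. Nothing in the interface says which role the caller should pass or that the value is a snapshot taken at issuance. A doc comment on the method would settle that, for example `// GenerateAccessToken signs a token for the user; roleId is the single role embedded as the role_id claim and is not refreshed until the token is reissued.` As a style point, Go initialisms would make these `clientID`, `userID` and `roleID`.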
@@ -40,8 +42,8 @@ type jwtService struct {
 func NewJWTService() JWTService {
 return &jwtService{
 secretKey: getSecretKey(),
- issuer: "Template",
- accessExpiry: time.Minute * 15,
+ issuer: "WMS-Wareify",
+ accessExpiry: time.Hour * 8,
 refreshExpiry: time.Hour * 24 * 7,
 }
 }
@@ -49,15 +51,16 @@ func NewJWTService() JWTService {
 func getSecretKey() string {
 secretKey := os.Getenv("JWT_SECRET")
 if secretKey == "" {
- secretKey = "Template"
+ secretKey = "WMS-WareifySecretKey"
 }
 return secretKey
 }

-func (j *jwtService) GenerateAccessToken(clientId string, userId string) string {
+func (j *jwtService) GenerateAccessToken(clientId string, userId string, roleId string) string {
 claims := jwtCustomClaim{
 ClientID: clientId,
 UserID: userId,
+ RoleID: roleId,
 RegisteredClaims: jwt.RegisteredClaims{
 ExpiresAt: jwt.NewNumericDate(time.Now().Add(j.accessExpiry)),
 Issuer: j.issuer,
@@ -107,8 +110,11 @@ func (j *jwtService) GetUserIDByToken(token string) (*UserTokenInfo, error) {
 claims := tToken.Claims.(jwt.MapClaims)
 userId := fmt.Sprintf("%v", claims["user_id"])
 clientId := fmt.Sprintf("%v", claims["client_id"])
+ roleId := fmt.Sprintf("%v", claims["role_id"])
+
 return &UserTokenInfo{
 UserID: userId,
 ClientID: clientId,
+ RoleID: roleId,
 }, nil
 }
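Review bot: Raising `accessExpiry` from 15 minutes to `time.Hour * 8` in NewJWTService means a leaked access token, together with the `role_id` now embedded in it, stays usable for a full working day. Nothing visible in this diff checks a presented token against current user state, so a role change or account lockout would presumably not take effect until the token expires. A 7-day refresh token already exists, so keeping `accessExpiry: time.Minute * 15,` and letting clients refresh would bound that window. If the longer lifetime is a product requirement, make it configurable and document how revocation is handled.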
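Review bot: `getSecretKey` still falls back to a literal committed to the repository (`"WMS-WareifySecretKey"`) when `JWT_SECRET` is unset, so a deployment that misses the variable signs and verifies tokens with a key anyone with source access knows. Because tokens now carry `role_id`, the signing key is what protects role assignment, and a known key lets a token with any role pass validation. Fail closed instead of defaulting: replace the assignment with `panic("JWT_SECRET is not set")`, or have startup return an error. The GenerateAccessToken body in the same hunk continues past the last visible line.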
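Review bot: `roleId := fmt.Sprintf("%v", claims["role_id"])` in GetUserIDByToken turns a missing claim into the literal string `<nil>` instead of an error, so a token without `role_id` (for instance one issued before this change) yields a non-empty `RoleID`. Callers that authorize on `RoleID` should get a rejection in that case. Read the claim as `roleId, ok := claims["role_id"].(string)` and return `nil, fmt.Errorf("token has no role_id claim")` when `!ok || roleId == ""`. The existing `user_id` and `client_id` lines follow the same pattern and would benefit from the same check; the function starts outside the hunk.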