Enhance JWT service to include role ID in access token generation and user token info

2025-10-21 15:05:10 +07:00 · 2025-10-21 15:05:10 +07:00 · fb49163803
parent 4bd48c3bca
commit fb49163803
2 changed files with 15 additions and 6 deletions
--- a/modules/auth/repository/refresh_token_repository.go
+++ b/modules/auth/repository/refresh_token_repository.go
@ -51,7 +51,10 @@ func (r *refreshTokenRepository) FindByToken(ctx context.Context, tx *gorm.DB, t
 	}

 	var refreshToken entities.RefreshToken
-	if err := tx.WithContext(ctx).Where("token = ?", token).Preload("User").Take(&refreshToken).Error; err != nil {
+	if err := tx.WithContext(ctx).
+		Preload("User").
+		Preload("User.UserRoles.Role").
+		Take(&refreshToken).Error; err != nil {
 		return entities.RefreshToken{}, err
 	}

--- a/modules/auth/service/jwt_service.go
+++ b/modules/auth/service/jwt_service.go
@ -14,10 +14,11 @@ import (
 type UserTokenInfo struct {
 	ClientID string `json:"client_id"`
 	UserID   string `json:"user_id"`
+	RoleID   string `json:"role_id"`
 }

 type JWTService interface {
-	GenerateAccessToken(clientId string, userId string) string
+	GenerateAccessToken(clientId string, userId string, roleId string) string
 	GenerateRefreshToken() (string, time.Time)
 	ValidateToken(token string) (*jwt.Token, error)
 	GetUserIDByToken(token string) (*UserTokenInfo, error)
@ -26,6 +27,7 @@ type JWTService interface {
 type jwtCustomClaim struct {
 	ClientID string `json:"client_id"`
 	UserID   string `json:"user_id"`
+	RoleID   string `json:"role_id"`

 	jwt.RegisteredClaims
 }
@ -40,8 +42,8 @@ type jwtService struct {
 func NewJWTService() JWTService {
 	return &jwtService{
 		secretKey:     getSecretKey(),
-		issuer:        "Template",
-		accessExpiry:  time.Minute * 15,
+		issuer:        "WMS-Wareify",
+		accessExpiry:  time.Hour * 8,
 		refreshExpiry: time.Hour * 24 * 7,
 	}
 }
@ -49,15 +51,16 @@ func NewJWTService() JWTService {
 func getSecretKey() string {
 	secretKey := os.Getenv("JWT_SECRET")
 	if secretKey == "" {
-		secretKey = "Template"
+		secretKey = "WMS-WareifySecretKey"
 	}
 	return secretKey
 }

-func (j *jwtService) GenerateAccessToken(clientId string, userId string) string {
+func (j *jwtService) GenerateAccessToken(clientId string, userId string, roleId string) string {
 	claims := jwtCustomClaim{
 		ClientID: clientId,
 		UserID:   userId,
+		RoleID:   roleId,
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(j.accessExpiry)),
 			Issuer:    j.issuer,
@ -107,8 +110,11 @@ func (j *jwtService) GetUserIDByToken(token string) (*UserTokenInfo, error) {
 	claims := tToken.Claims.(jwt.MapClaims)
 	userId := fmt.Sprintf("%v", claims["user_id"])
 	clientId := fmt.Sprintf("%v", claims["client_id"])
+	roleId := fmt.Sprintf("%v", claims["role_id"])
+
 	return &UserTokenInfo{
 		UserID:   userId,
 		ClientID: clientId,
+		RoleID:   roleId,
 	}, nil
 }