feat(backend): implement auth service with JWT and session management

Login: bcrypt credential validation, session creation, JWT pair issuance. Logout/TerminateSession: soft-delete session (is_active = false). Refresh: token rotation — deactivate old session, issue new pair. ListSessions: marks IsCurrent by comparing session IDs. ParseAccessToken: for use by auth middleware. Claims carry uid (int16), adm (bool), sid (int). Refresh tokens are stored as SHA-256 hashes; raw tokens never reach the database. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-04 00:38:21 +03:00
parent 0e9b4637b0
commit 277f42035c
3 changed files with 285 additions and 0 deletions
@@ -23,6 +23,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.22.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.1 // indirect