package auth

import (
	"context"
	"errors"
)

// TokenResponse represents the response containing both access and refresh tokens.
//
// It is the value returned by Service.Login, Service.GenerateToken and
// Service.RefreshToken; the json tags define the shape it serialises to.
// NOTE(review): only the access token has an expiry field (ExpiresIn); the
// response carries no lifetime for RefreshToken — confirm that is intended,
// as clients cannot tell from this struct when a refresh token stops working.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`  // Token presented to Service.ValidateToken on later requests
	RefreshToken string `json:"refresh_token"` // Token handed to Service.RefreshToken to obtain a new TokenResponse
	ExpiresIn    int64  `json:"expires_in"`    // Expiration time in seconds for the access token
	TokenType    string `json:"token_type"`    // Usually "Bearer"
	UserID       string `json:"user_id"`       // User identifier
	UserRole     string `json:"user_role"`     // User role
}

// Sentinel errors returned by Service implementations. Callers should compare
// with errors.Is rather than == so that wrapped errors are still recognised.
var (
	// ErrTokenExpired indicates the presented token's validity period has passed.
	ErrTokenExpired = errors.New("token has expired")
	// ErrInvalidToken indicates the presented token could not be parsed or verified.
	ErrInvalidToken = errors.New("token is invalid")
	// ErrTokenBlacklisted indicates the token was revoked (for example via Service.Logout)
	// even though it may otherwise still be valid.
	ErrTokenBlacklisted = errors.New("token has been revoked or blacklisted")
	// ErrRefreshTokenNotFound indicates the refresh token is unknown to the
	// implementation or has already been invalidated.
	ErrRefreshTokenNotFound = errors.New("refresh token not found or has been invalidated")
	// ErrUserNotFound indicates the user referenced by a login or token does not exist.
	ErrUserNotFound = errors.New("user not found")
	// ErrInvalidCredentials indicates the supplied email/password pair did not match.
	// NOTE(review): ErrUserNotFound and ErrInvalidCredentials are distinguishable to
	// callers; if both can surface from Login, map them to a single generic response at
	// the API boundary so a client cannot learn whether an email is registered.
	ErrInvalidCredentials = errors.New("invalid credentials")
)

// Service defines the interface for authentication operations.
//
// Every method takes a context.Context as its first argument so that
// implementations can honour cancellation and deadlines. On a non-nil error
// the other return values should be treated as unset.
type Service interface {
	// Login authenticates a user with email and password, returning tokens upon success.
	Login(ctx context.Context, email string, password string) (*TokenResponse, error)

	// GenerateToken creates new access and refresh tokens for a user.
	// userID is the unique identifier for the user (e.g., from the database).
	// role is the user's role.
	GenerateToken(ctx context.Context, userID string, role string) (*TokenResponse, error)

	// ValidateToken verifies an access token and returns the userID and role if valid.
	// Implementations are expected to surface ErrTokenExpired, ErrInvalidToken or
	// ErrTokenBlacklisted (possibly wrapped) when the token must be rejected.
	ValidateToken(ctx context.Context, tokenString string) (userID string, role string, err error)

	// RefreshToken creates a new access token (and potentially a new refresh token)
	// based on a valid refresh token. An unknown or already-invalidated refresh token
	// should yield ErrRefreshTokenNotFound.
	RefreshToken(ctx context.Context, refreshTokenString string) (*TokenResponse, error)

	// Logout invalidates the given token (typically an access token, and its associated refresh token if applicable).
	// The exact mechanism (e.g., blacklisting) depends on the implementation.
	Logout(ctx context.Context, tokenString string) error
}