Implement JWTManager interface

server/internal/auth/jwt.go

@@ -1,3 +1,4 @@
+// Package auth provides JWT token generation and validation
 package auth
 
 import (
@@ -30,14 +31,22 @@ type JWTConfig struct {
 	RefreshTokenExpiry time.Duration // How long refresh tokens are valid
 }
 
-// JWTService handles JWT token generation and validation
-type JWTService struct {
+// JWTManager defines the interface for managing JWT tokens
+type JWTManager interface {
+	GenerateAccessToken(userID int, role string) (string, error)
+	GenerateRefreshToken(userID int, role string) (string, error)
+	ValidateToken(tokenString string) (*Claims, error)
+	RefreshAccessToken(refreshToken string) (string, error)
+}
+
+// jwtService handles JWT token generation and validation
+type jwtService struct {
 	config JWTConfig
 }
 
 // NewJWTService creates a new JWT service with the provided configuration
 // Returns an error if the signing key is missing
-func NewJWTService(config JWTConfig) (*JWTService, error) {
+func NewJWTService(config JWTConfig) (JWTManager, error) {
 	if config.SigningKey == "" {
 		return nil, fmt.Errorf("signing key is required")
 	}
@@ -48,7 +57,7 @@ func NewJWTService(config JWTConfig) (*JWTService, error) {
 	if config.RefreshTokenExpiry == 0 {
 		config.RefreshTokenExpiry = 7 * 24 * time.Hour // Default to 7 days
 	}
-	return &JWTService{config: config}, nil
+	return &jwtService{config: config}, nil
 }
 
 // GenerateAccessToken creates a new access token for a user
@@ -56,7 +65,7 @@ func NewJWTService(config JWTConfig) (*JWTService, error) {
 // - userID: the ID of the user
 // - role: the role of the user
 // Returns the signed token string or an error
-func (s *JWTService) GenerateAccessToken(userID int, role string) (string, error) {
+func (s *jwtService) GenerateAccessToken(userID int, role string) (string, error) {
 	return s.generateToken(userID, role, AccessToken, s.config.AccessTokenExpiry)
 }
 
@@ -65,7 +74,7 @@ func (s *JWTService) GenerateAccessToken(userID int, role string) (string, error
 // - userID: the ID of the user
 // - role: the role of the user
 // Returns the signed token string or an error
-func (s *JWTService) GenerateRefreshToken(userID int, role string) (string, error) {
+func (s *jwtService) GenerateRefreshToken(userID int, role string) (string, error) {
 	return s.generateToken(userID, role, RefreshToken, s.config.RefreshTokenExpiry)
 }
 
@@ -76,7 +85,7 @@ func (s *JWTService) GenerateRefreshToken(userID int, role string) (string, erro
 // - tokenType: the type of token (access or refresh)
 // - expiry: how long the token should be valid
 // Returns the signed token string or an error
-func (s *JWTService) generateToken(userID int, role string, tokenType TokenType, expiry time.Duration) (string, error) {
+func (s *jwtService) generateToken(userID int, role string, tokenType TokenType, expiry time.Duration) (string, error) {
 	now := time.Now()
 	claims := Claims{
 		RegisteredClaims: jwt.RegisteredClaims{
@@ -97,7 +106,7 @@ func (s *JWTService) generateToken(userID int, role string, tokenType TokenType,
 // Parameters:
 // - tokenString: the token to validate
 // Returns the token claims if valid, or an error if invalid
-func (s *JWTService) ValidateToken(tokenString string) (*Claims, error) {
+func (s *jwtService) ValidateToken(tokenString string) (*Claims, error) {
 	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
 		// Validate the signing method
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
@@ -121,7 +130,7 @@ func (s *JWTService) ValidateToken(tokenString string) (*Claims, error) {
 // Parameters:
 // - refreshToken: the refresh token to use
 // Returns a new access token if the refresh token is valid, or an error
-func (s *JWTService) RefreshAccessToken(refreshToken string) (string, error) {
+func (s *jwtService) RefreshAccessToken(refreshToken string) (string, error) {
 	claims, err := s.ValidateToken(refreshToken)
 	if err != nil {
 		return "", fmt.Errorf("invalid refresh token: %w", err)