-

internal/crypto/token.go

@@ -34,6 +34,11 @@ func NewTokenGenerator(hmacKey string) *TokenGenerator {
 
 // GenerateSecureToken generates a cryptographically secure random token
 func (tg *TokenGenerator) GenerateSecureToken() (string, error) {
+	return tg.GenerateSecureTokenWithPrefix("", "")
+}
+
+// GenerateSecureTokenWithPrefix generates a cryptographically secure random token with custom prefix
+func (tg *TokenGenerator) GenerateSecureTokenWithPrefix(appPrefix string, tokenType string) (string, error) {
 	// Generate random bytes
 	tokenBytes := make([]byte, TokenLength)
 	if _, err := rand.Read(tokenBytes); err != nil {
@@ -43,8 +48,21 @@ func (tg *TokenGenerator) GenerateSecureToken() (string, error) {
 	// Encode to base64 for safe transmission
 	tokenData := base64.URLEncoding.EncodeToString(tokenBytes)
 	
-	// Add prefix for identification
-	token := TokenPrefix + tokenData
+	// Build prefix based on application and token type
+	var prefix string
+	if appPrefix != "" {
+		// Use custom application prefix
+		if tokenType == "user" {
+			prefix = appPrefix + "UT-" // User Token
+		} else {
+			prefix = appPrefix + "T-"  // Static Token
+		}
+	} else {
+		// Use default prefix
+		prefix = TokenPrefix
+	}
+	
+	token := prefix + tokenData
 
 	return token, nil
 }
@@ -103,12 +121,52 @@ func ExtractTokenFromHeader(authHeader string) string {
 
 // IsValidTokenFormat checks if a token has the expected format
 func IsValidTokenFormat(token string) bool {
-	if !strings.HasPrefix(token, TokenPrefix) {
-		return false
+	return IsValidTokenFormatWithPrefix(token, "")
+}
+
+// IsValidTokenFormatWithPrefix checks if a token has the expected format with custom prefix
+func IsValidTokenFormatWithPrefix(token string, expectedPrefix string) bool {
+	var prefix string
+	if expectedPrefix != "" {
+		prefix = expectedPrefix
+	} else {
+		prefix = TokenPrefix
+	}
+	
+	if !strings.HasPrefix(token, prefix) {
+		// If expected prefix doesn't match, check if it's a valid token with any custom prefix
+		if expectedPrefix == "" {
+			// Check for custom prefix pattern: 2-4 uppercase letters + "T-" or "UT-"
+			if len(token) < 6 { // minimum: "ABT-" + some data
+				return false
+			}
+			
+			// Look for T- or UT- suffix in the first part
+			dashIndex := strings.Index(token, "-")
+			if dashIndex < 2 || dashIndex > 6 { // 2-4 chars + "T" or "UT"
+				// Not a custom prefix, check default
+				if !strings.HasPrefix(token, TokenPrefix) {
+					return false
+				}
+				prefix = TokenPrefix
+			} else {
+				prefixPart := token[:dashIndex+1]
+				if !strings.HasSuffix(prefixPart, "T-") && !strings.HasSuffix(prefixPart, "UT-") {
+					if !strings.HasPrefix(token, TokenPrefix) {
+						return false
+					}
+					prefix = TokenPrefix
+				} else {
+					prefix = prefixPart
+				}
+			}
+		} else {
+			return false
+		}
 	}
 	
 	// Remove prefix and check if remaining part is valid base64
-	tokenData := strings.TrimPrefix(token, TokenPrefix)
+	tokenData := strings.TrimPrefix(token, prefix)
 	if len(tokenData) == 0 {
 		return false
 	}
@@ -128,8 +186,13 @@ type TokenInfo struct {
 
 // GenerateTokenWithInfo generates a complete token with hash and signature
 func (tg *TokenGenerator) GenerateTokenWithInfo() (*TokenInfo, error) {
+	return tg.GenerateTokenWithInfoAndPrefix("", "")
+}
+
+// GenerateTokenWithInfoAndPrefix generates a complete token with hash, signature, and custom prefix
+func (tg *TokenGenerator) GenerateTokenWithInfoAndPrefix(appPrefix string, tokenType string) (*TokenInfo, error) {
 	// Generate the token
-	token, err := tg.GenerateSecureToken()
+	token, err := tg.GenerateSecureTokenWithPrefix(appPrefix, tokenType)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate token: %w", err)
 	}