v1

internal/services/auth_service.go

@@ -3,23 +3,30 @@ package services
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"go.uber.org/zap"
 
+	"github.com/kms/api-key-service/internal/auth"
 	"github.com/kms/api-key-service/internal/config"
+	"github.com/kms/api-key-service/internal/domain"
+	"github.com/kms/api-key-service/internal/errors"
 )
 
 // authenticationService implements the AuthenticationService interface
 type authenticationService struct {
-	config config.ConfigProvider
-	logger *zap.Logger
+	config     config.ConfigProvider
+	logger     *zap.Logger
+	jwtManager *auth.JWTManager
 }
 
 // NewAuthenticationService creates a new authentication service
 func NewAuthenticationService(config config.ConfigProvider, logger *zap.Logger) AuthenticationService {
+	jwtManager := auth.NewJWTManager(config, logger)
 	return &authenticationService{
-		config: config,
-		logger: logger,
+		config:     config,
+		logger:     logger,
+		jwtManager: jwtManager,
 	}
 }
 
@@ -63,3 +70,78 @@ func (s *authenticationService) GetUserClaims(ctx context.Context, userID string
 	
 	return claims, nil
 }
+
+// ValidateJWTToken validates a JWT token and returns claims
+func (s *authenticationService) ValidateJWTToken(ctx context.Context, tokenString string) (*domain.AuthContext, error) {
+	s.logger.Debug("Validating JWT token")
+
+	// Validate the token using JWT manager
+	claims, err := s.jwtManager.ValidateToken(tokenString)
+	if err != nil {
+		s.logger.Warn("JWT token validation failed", zap.Error(err))
+		return nil, err
+	}
+
+	// Check if token is revoked
+	revoked, err := s.jwtManager.IsTokenRevoked(tokenString)
+	if err != nil {
+		s.logger.Error("Failed to check token revocation status", zap.Error(err))
+		return nil, errors.NewInternalError("Failed to validate token").WithInternal(err)
+	}
+
+	if revoked {
+		s.logger.Warn("JWT token is revoked", zap.String("user_id", claims.UserID))
+		return nil, errors.NewAuthenticationError("Token has been revoked")
+	}
+
+	// Convert JWT claims to AuthContext
+	authContext := &domain.AuthContext{
+		UserID:      claims.UserID,
+		TokenType:   claims.TokenType,
+		Permissions: claims.Permissions,
+		Claims:      claims.Claims,
+		AppID:       claims.AppID,
+	}
+
+	s.logger.Debug("JWT token validated successfully", 
+		zap.String("user_id", claims.UserID),
+		zap.String("app_id", claims.AppID))
+
+	return authContext, nil
+}
+
+// GenerateJWTToken generates a new JWT token for a user
+func (s *authenticationService) GenerateJWTToken(ctx context.Context, userToken *domain.UserToken) (string, error) {
+	s.logger.Debug("Generating JWT token", 
+		zap.String("user_id", userToken.UserID),
+		zap.String("app_id", userToken.AppID))
+
+	// Generate the token using JWT manager
+	tokenString, err := s.jwtManager.GenerateToken(userToken)
+	if err != nil {
+		s.logger.Error("Failed to generate JWT token", zap.Error(err))
+		return "", err
+	}
+
+	s.logger.Debug("JWT token generated successfully", 
+		zap.String("user_id", userToken.UserID),
+		zap.String("app_id", userToken.AppID))
+
+	return tokenString, nil
+}
+
+// RefreshJWTToken refreshes an existing JWT token
+func (s *authenticationService) RefreshJWTToken(ctx context.Context, tokenString string, newExpiration time.Time) (string, error) {
+	s.logger.Debug("Refreshing JWT token")
+
+	// Refresh the token using JWT manager
+	newTokenString, err := s.jwtManager.RefreshToken(tokenString, newExpiration)
+	if err != nil {
+		s.logger.Error("Failed to refresh JWT token", zap.Error(err))
+		return "", err
+	}
+
+	s.logger.Debug("JWT token refreshed successfully")
+
+	return newTokenString, nil
+}