e045e00fbf
Add self-service password change that re-hashes the credential and bumps a per-user session version so all existing access/refresh tokens are rejected. Session version is tracked in Redis with an in-memory fallback and enforced in middleware and refresh. Scope prompt rules and rule groups to a brand: new brand_id column (migrated to a "未归属" fallback brand for existing rows), brand-filtered queries/indexes, and brand-aware admin-web tabs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
15 lines
353 B
Go
15 lines
353 B
Go
package auth
|
|
|
|
import (
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
type Claims struct {
|
|
UserID int64 `json:"user_id"`
|
|
TenantID int64 `json:"tenant_id"`
|
|
PrimaryWorkspaceID int64 `json:"primary_workspace_id"`
|
|
Role string `json:"role"`
|
|
SessionVersion int64 `json:"session_version,omitempty"`
|
|
jwt.RegisteredClaims
|
|
}
|