go-gin-cli 1.0.0

package/src/lib/utils/create-auth.js

@@ -0,0 +1,937 @@
+#!/usr/bin/env node
+
+const fs = require("fs").promises;
+const path = require("path");
+const createDir = require("../shares/createDir");
+const createFile = require("../shares/createFile");
+const { COLORS } = require("../constants/index");
+
+/**
+ * AuthGenerator - Generates JWT and Passport authentication files for Go Clean Architecture
+ * 
+ * Structure:
+ * src/
+ * ├── domain/
+ * │   └── models/auth.go
+ * ├── infrastructure/
+ * │   ├── common/
+ * │   │   ├── auth/
+ * │   │   │   ├── jwt.go
+ * │   │   │   ├── passport.go
+ * │   │   │   └── middleware.go
+ * │   │   └── guards/
+ * │   │       └── auth_guard.go
+ * │   └── repositories/auth/
+ * │       └── auth.repository.go
+ * └── usecases/auth/
+ *     └── auth.usecase.go
+ */
+class AuthGenerator {
+  constructor() {
+    this.srcDir = "src";
+    this.domainDir = path.join(this.srcDir, "domain");
+    this.infrastructureDir = path.join(this.srcDir, "infrastructure");
+    this.usecasesDir = path.join(this.srcDir, "usecases");
+    
+    // Get go module name from go.mod
+    this.goModule = this.getGoModuleName();
+  }
+
+  getGoModuleName() {
+    try {
+      const goModPath = path.join(process.cwd(), "go.mod");
+      const content = require("fs").readFileSync(goModPath, "utf8");
+      const match = content.match(/module\s+(.+)/);
+      return match ? match[1].trim() : "github.com/example/project";
+    } catch {
+      return "github.com/example/project";
+    }
+  }
+
+  async execute() {
+    try {
+      console.log(`${COLORS.YELLOW}Starting authentication generation...${COLORS.NC}`);
+      
+      // Check if auth already exists
+      const authDir = path.join(this.infrastructureDir, "common", "auth");
+      try {
+        await fs.access(authDir);
+        console.log(`${COLORS.YELLOW}⚠ Authentication module already exists${COLORS.NC}`);
+        return;
+      } catch {
+        // Directory doesn't exist, continue
+      }
+
+      await this.setupDirectories();
+      await this.generateDomainFiles();
+      await this.generateInfrastructureFiles();
+      await this.generateUsecaseFiles();
+      await this.updateGoMod();
+      
+      console.log(`${COLORS.GREEN}Authentication generation completed successfully!${COLORS.NC}`);
+      this.printSummary();
+    } catch (error) {
+      console.error(`${COLORS.RED}Error during generation:${COLORS.NC} ${error.message}`);
+      throw error;
+    }
+  }
+
+  async setupDirectories() {
+    const dirs = [
+      path.join(this.infrastructureDir, "common", "auth"),
+      path.join(this.infrastructureDir, "repositories", "auth"),
+      path.join(this.usecasesDir, "auth"),
+    ];
+
+    for (const dir of dirs) {
+      await createDir(dir);
+    }
+    console.log(`${COLORS.GREEN}✔ Created directories${COLORS.NC}`);
+  }
+
+  async generateDomainFiles() {
+    // Auth model
+    await createFile(
+      path.join(this.domainDir, "models", "auth.go"),
+      this.getAuthModelContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created domain/models/auth.go${COLORS.NC}`);
+  }
+
+  async generateInfrastructureFiles() {
+    // JWT utility
+    await createFile(
+      path.join(this.infrastructureDir, "common", "auth", "jwt.go"),
+      this.getJwtContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created infrastructure/common/auth/jwt.go${COLORS.NC}`);
+
+    // Passport (strategies)
+    await createFile(
+      path.join(this.infrastructureDir, "common", "auth", "passport.go"),
+      this.getPassportContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created infrastructure/common/auth/passport.go${COLORS.NC}`);
+
+    // Auth middleware
+    await createFile(
+      path.join(this.infrastructureDir, "common", "auth", "middleware.go"),
+      this.getMiddlewareContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created infrastructure/common/auth/middleware.go${COLORS.NC}`);
+
+    // Auth middleware for Gin
+    await createFile(
+      path.join(this.infrastructureDir, "common", "middleware", "auth.go"),
+      this.getAuthMiddlewareGinContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created infrastructure/common/middleware/auth.go${COLORS.NC}`);
+
+    // Auth repository
+    await createFile(
+      path.join(this.infrastructureDir, "repositories", "auth", "auth.repository.go"),
+      this.getAuthRepositoryContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created infrastructure/repositories/auth/auth.repository.go${COLORS.NC}`);
+  }
+
+  async generateUsecaseFiles() {
+    await createFile(
+      path.join(this.usecasesDir, "auth", "auth.usecase.go"),
+      this.getAuthUsecaseContent()
+    );
+    console.log(`${COLORS.GREEN}✔ Created usecases/auth/auth.usecase.go${COLORS.NC}`);
+  }
+
+  async updateGoMod() {
+    const goModPath = path.join(process.cwd(), "go.mod");
+    try {
+      let content = await fs.readFile(goModPath, "utf8");
+      
+      // Add JWT dependency if not present
+      if (!content.includes("github.com/golang-jwt/jwt/v5")) {
+        content = content.replace(
+          /require \(/,
+          `require (\n\tgithub.com/golang-jwt/jwt/v5 v5.2.0`
+        );
+        await fs.writeFile(goModPath, content, "utf8");
+        console.log(`${COLORS.GREEN}✔ Added JWT dependency to go.mod${COLORS.NC}`);
+      }
+    } catch (error) {
+      console.log(`${COLORS.YELLOW}⚠ Could not update go.mod: ${error.message}${COLORS.NC}`);
+    }
+  }
+
+  printSummary() {
+    console.log(`
+${COLORS.CYAN}╔════════════════════════════════════════════════════════════╗
+║                    Authentication Generated                   ║
+╠════════════════════════════════════════════════════════════╣
+║  📁 Files created:                                           ║
+║     • domain/models/auth.go                                  ║
+║     • infrastructure/common/auth/jwt.go                      ║
+║     • infrastructure/common/auth/passport.go                 ║
+║     • infrastructure/common/auth/middleware.go               ║
+║     • infrastructure/common/middleware/auth.go              ║
+║     • infrastructure/repositories/auth/auth.repository.go   ║
+║     • usecases/auth/auth.usecase.go                          ║
+╠════════════════════════════════════════════════════════════╣
+║  🔧 Next steps:                                              ║
+║     1. Set JWT_SECRET in your .env file                      ║
+║     2. Run: go mod tidy                                      ║
+║     3. Use auth.Usecase in your services                     ║
+╚════════════════════════════════════════════════════════════╝${COLORS.NC}
+`);
+  }
+
+  // ============================================
+  // Content Generators
+  // ============================================
+
+  getAuthModelContent() {
+    return `package models
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// AuthUser represents the authenticated user
+type AuthUser struct {
+	ID        uuid.UUID \`json:"id"\`
+	Email     string    \`json:"email"\`
+	Role      string    \`json:"role"\`
+	IsActive  bool      \`json:"is_active"\`
+}
+
+// TokenPair represents access and refresh tokens
+type TokenPair struct {
+	AccessToken  string \`json:"access_token"\`
+	RefreshToken string \`json:"refresh_token"\`
+	ExpiresIn    int64  \`json:"expires_in"\`
+	TokenType    string \`json:"token_type"\`
+}
+
+// TokenClaims represents JWT claims
+type TokenClaims struct {
+	UserID    uuid.UUID \`json:"user_id"\`
+	Email     string    \`json:"email"\`
+	Role      string    \`json:"role"\`
+	TokenType string    \`json:"token_type"\`
+	IssuedAt  time.Time \`json:"iat"\`
+	ExpiresAt time.Time \`json:"exp"\`
+}
+
+// LoginRequest represents login credentials
+type LoginRequest struct {
+	Email    string \`json:"email"\`
+	Password string \`json:"password"\`
+}
+
+// RegisterRequest represents registration data
+type RegisterRequest struct {
+	Email    string \`json:"email"\`
+	Password string \`json:"password"\`
+	Name     string \`json:"name"\`
+}
+
+// RefreshTokenRequest represents refresh token request
+type RefreshTokenRequest struct {
+	RefreshToken string \`json:"refresh_token"\`
+}
+
+// AuthContextKey is the context key for auth user
+type AuthContextKey string
+
+// AuthUserKey is the context key for authenticated user
+const AuthUserKey AuthContextKey = "authUser"
+
+// TokenClaimsKey is the context key for token claims
+const TokenClaimsKey AuthContextKey = "tokenClaims"
+`;
+  }
+
+  getJwtContent() {
+    return `package auth
+
+import (
+	"errors"
+	"os"
+	"time"
+
+	"${this.goModule}/src/domain/models"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+var (
+	ErrInvalidToken     = errors.New("invalid token")
+	ErrExpiredToken     = errors.New("token has expired")
+	ErrInvalidSignature = errors.New("invalid token signature")
+)
+
+// JWTConfig holds JWT configuration
+type JWTConfig struct {
+	SecretKey            string
+	AccessTokenDuration  time.Duration
+	RefreshTokenDuration time.Duration
+	Issuer               string
+}
+
+// JWTService handles JWT operations
+type JWTService struct {
+	config JWTConfig
+}
+
+// NewJWTService creates a new JWT service
+func NewJWTService() *JWTService {
+	secret := os.Getenv("JWT_SECRET")
+	if secret == "" {
+		secret = "your-super-secret-key-change-in-production"
+	}
+
+	return &JWTService{
+		config: JWTConfig{
+			SecretKey:            secret,
+			AccessTokenDuration:  15 * time.Minute,
+			RefreshTokenDuration: 7 * 24 * time.Hour,
+			Issuer:               os.Getenv("JWT_ISSUER"),
+		},
+	}
+}
+
+// CustomClaims represents the JWT claims
+type CustomClaims struct {
+	UserID    string \`json:"user_id"\`
+	Email     string \`json:"email"\`
+	Role      string \`json:"role"\`
+	TokenType string \`json:"token_type"\`
+	jwt.RegisteredClaims
+}
+
+// GenerateTokenPair generates access and refresh tokens
+func (s *JWTService) GenerateTokenPair(user *models.AuthUser) (*models.TokenPair, error) {
+	accessToken, err := s.generateToken(user, "access", s.config.AccessTokenDuration)
+	if err != nil {
+		return nil, err
+	}
+
+	refreshToken, err := s.generateToken(user, "refresh", s.config.RefreshTokenDuration)
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.TokenPair{
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		ExpiresIn:    int64(s.config.AccessTokenDuration.Seconds()),
+		TokenType:    "Bearer",
+	}, nil
+}
+
+// generateToken creates a new JWT token
+func (s *JWTService) generateToken(user *models.AuthUser, tokenType string, duration time.Duration) (string, error) {
+	now := time.Now()
+	claims := CustomClaims{
+		UserID:    user.ID.String(),
+		Email:     user.Email,
+		Role:      user.Role,
+		TokenType: tokenType,
+		RegisteredClaims: jwt.RegisteredClaims{
+			Issuer:    s.config.Issuer,
+			Subject:   user.ID.String(),
+			IssuedAt:  jwt.NewNumericDate(now),
+			ExpiresAt: jwt.NewNumericDate(now.Add(duration)),
+			NotBefore: jwt.NewNumericDate(now),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(s.config.SecretKey))
+}
+
+// ValidateToken validates a JWT token and returns claims
+func (s *JWTService) ValidateToken(tokenString string) (*models.TokenClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, ErrInvalidSignature
+		}
+		return []byte(s.config.SecretKey), nil
+	})
+
+	if err != nil {
+		if errors.Is(err, jwt.ErrTokenExpired) {
+			return nil, ErrExpiredToken
+		}
+		return nil, ErrInvalidToken
+	}
+
+	claims, ok := token.Claims.(*CustomClaims)
+	if !ok || !token.Valid {
+		return nil, ErrInvalidToken
+	}
+
+	userID, err := uuid.Parse(claims.UserID)
+	if err != nil {
+		return nil, ErrInvalidToken
+	}
+
+	return &models.TokenClaims{
+		UserID:    userID,
+		Email:     claims.Email,
+		Role:      claims.Role,
+		TokenType: claims.TokenType,
+		IssuedAt:  claims.IssuedAt.Time,
+		ExpiresAt: claims.ExpiresAt.Time,
+	}, nil
+}
+
+// RefreshAccessToken generates a new access token from a valid refresh token
+func (s *JWTService) RefreshAccessToken(refreshToken string) (*models.TokenPair, error) {
+	claims, err := s.ValidateToken(refreshToken)
+	if err != nil {
+		return nil, err
+	}
+
+	if claims.TokenType != "refresh" {
+		return nil, ErrInvalidToken
+	}
+
+	user := &models.AuthUser{
+		ID:    claims.UserID,
+		Email: claims.Email,
+		Role:  claims.Role,
+	}
+
+	return s.GenerateTokenPair(user)
+}
+`;
+  }
+
+  getPassportContent() {
+    return `package auth
+
+import (
+	"context"
+	"errors"
+
+	"${this.goModule}/src/domain/models"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+var (
+	ErrInvalidCredentials = errors.New("invalid credentials")
+	ErrUserNotFound       = errors.New("user not found")
+	ErrUserInactive       = errors.New("user account is inactive")
+)
+
+// Strategy defines the authentication strategy interface
+type Strategy interface {
+	Authenticate(ctx context.Context, credentials interface{}) (*models.AuthUser, error)
+	Name() string
+}
+
+// Passport manages authentication strategies
+type Passport struct {
+	strategies map[string]Strategy
+	jwtService *JWTService
+}
+
+// NewPassport creates a new passport instance
+func NewPassport(jwtService *JWTService) *Passport {
+	return &Passport{
+		strategies: make(map[string]Strategy),
+		jwtService: jwtService,
+	}
+}
+
+// RegisterStrategy registers an authentication strategy
+func (p *Passport) RegisterStrategy(strategy Strategy) {
+	p.strategies[strategy.Name()] = strategy
+}
+
+// Authenticate authenticates using the specified strategy
+func (p *Passport) Authenticate(ctx context.Context, strategyName string, credentials interface{}) (*models.AuthUser, error) {
+	strategy, ok := p.strategies[strategyName]
+	if !ok {
+		return nil, errors.New("unknown authentication strategy: " + strategyName)
+	}
+	return strategy.Authenticate(ctx, credentials)
+}
+
+// GenerateTokens generates JWT tokens for the authenticated user
+func (p *Passport) GenerateTokens(user *models.AuthUser) (*models.TokenPair, error) {
+	return p.jwtService.GenerateTokenPair(user)
+}
+
+// ============================================================================
+// Local Strategy (Email/Password)
+// ============================================================================
+
+// UserFinder interface for finding users
+type UserFinder interface {
+	FindByEmail(ctx context.Context, email string) (*models.AuthUser, string, error) // returns user, hashedPassword, error
+}
+
+// LocalStrategy implements email/password authentication
+type LocalStrategy struct {
+	userFinder UserFinder
+}
+
+// NewLocalStrategy creates a new local strategy
+func NewLocalStrategy(userFinder UserFinder) *LocalStrategy {
+	return &LocalStrategy{
+		userFinder: userFinder,
+	}
+}
+
+// Name returns the strategy name
+func (s *LocalStrategy) Name() string {
+	return "local"
+}
+
+// Authenticate validates email and password
+func (s *LocalStrategy) Authenticate(ctx context.Context, credentials interface{}) (*models.AuthUser, error) {
+	creds, ok := credentials.(*models.LoginRequest)
+	if !ok {
+		return nil, ErrInvalidCredentials
+	}
+
+	user, hashedPassword, err := s.userFinder.FindByEmail(ctx, creds.Email)
+	if err != nil {
+		return nil, ErrUserNotFound
+	}
+
+	if !user.IsActive {
+		return nil, ErrUserInactive
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(creds.Password)); err != nil {
+		return nil, ErrInvalidCredentials
+	}
+
+	return user, nil
+}
+
+// ============================================================================
+// JWT Strategy (Token validation)
+// ============================================================================
+
+// JWTStrategy implements JWT token authentication
+type JWTStrategy struct {
+	jwtService *JWTService
+}
+
+// NewJWTStrategy creates a new JWT strategy
+func NewJWTStrategy(jwtService *JWTService) *JWTStrategy {
+	return &JWTStrategy{
+		jwtService: jwtService,
+	}
+}
+
+// Name returns the strategy name
+func (s *JWTStrategy) Name() string {
+	return "jwt"
+}
+
+// Authenticate validates JWT token
+func (s *JWTStrategy) Authenticate(ctx context.Context, credentials interface{}) (*models.AuthUser, error) {
+	token, ok := credentials.(string)
+	if !ok {
+		return nil, ErrInvalidToken
+	}
+
+	claims, err := s.jwtService.ValidateToken(token)
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.AuthUser{
+		ID:    claims.UserID,
+		Email: claims.Email,
+		Role:  claims.Role,
+	}, nil
+}
+
+// ============================================================================
+// Password Utilities
+// ============================================================================
+
+// HashPassword hashes a password using bcrypt
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(bytes), err
+}
+
+// CheckPassword compares a password with its hash
+func CheckPassword(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
+`;
+  }
+
+  getMiddlewareContent() {
+    return `package auth
+
+import (
+	"context"
+
+	"${this.goModule}/src/domain/models"
+)
+
+// GetAuthUserFromContext retrieves the authenticated user from context
+func GetAuthUserFromContext(ctx context.Context) (*models.AuthUser, bool) {
+	user, ok := ctx.Value(models.AuthUserKey).(*models.AuthUser)
+	return user, ok
+}
+
+// GetTokenClaimsFromContext retrieves token claims from context
+func GetTokenClaimsFromContext(ctx context.Context) (*models.TokenClaims, bool) {
+	claims, ok := ctx.Value(models.TokenClaimsKey).(*models.TokenClaims)
+	return claims, ok
+}
+`;
+  }
+
+  getAuthMiddlewareGinContent() {
+    return `package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"${this.goModule}/src/domain/models"
+	"${this.goModule}/src/infrastructure/common/auth"
+	"${this.goModule}/src/infrastructure/common/response"
+
+	"github.com/gin-gonic/gin"
+)
+
+// AuthMiddleware provides JWT authentication middleware for Gin
+func AuthMiddleware(jwtService *auth.JWTService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			response.Error(c, http.StatusUnauthorized, "Missing authorization header")
+			c.Abort()
+			return
+		}
+
+		// Extract token from "Bearer <token>"
+		token := strings.TrimPrefix(authHeader, "Bearer ")
+		if token == authHeader {
+			response.Error(c, http.StatusUnauthorized, "Invalid authorization format")
+			c.Abort()
+			return
+		}
+
+		// Validate token
+		claims, err := jwtService.ValidateToken(token)
+		if err != nil {
+			if err == auth.ErrExpiredToken {
+				response.Error(c, http.StatusUnauthorized, "Token expired")
+				c.Abort()
+				return
+			}
+			response.Error(c, http.StatusUnauthorized, "Invalid token")
+			c.Abort()
+			return
+		}
+
+		// Create auth user from claims
+		authUser := &models.AuthUser{
+			ID:       claims.UserID,
+			Email:    claims.Email,
+			Role:     claims.Role,
+			IsActive: true,
+		}
+
+		// Store user in context
+		c.Set(string(models.AuthUserKey), authUser)
+		c.Set(string(models.TokenClaimsKey), claims)
+
+		c.Next()
+	}
+}
+
+// GetAuthUser retrieves the authenticated user from Gin context
+func GetAuthUser(c *gin.Context) (*models.AuthUser, bool) {
+	user, exists := c.Get(string(models.AuthUserKey))
+	if !exists {
+		return nil, false
+	}
+	authUser, ok := user.(*models.AuthUser)
+	return authUser, ok
+}
+
+// RequireRole middleware checks if user has required role
+func RequireRole(roles ...string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		user, ok := GetAuthUser(c)
+		if !ok {
+			response.Error(c, http.StatusUnauthorized, "Not authenticated")
+			c.Abort()
+			return
+		}
+
+		for _, role := range roles {
+			if user.Role == role {
+				c.Next()
+				return
+			}
+		}
+
+		response.Error(c, http.StatusForbidden, "Insufficient permissions")
+		c.Abort()
+	}
+}
+`;
+  }
+
+  getAuthRepositoryContent() {
+    return `package auth
+
+import (
+	"context"
+
+	"${this.goModule}/src/domain/models"
+
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+)
+
+// Repository handles auth data operations
+type Repository struct {
+	db *gorm.DB
+}
+
+// NewRepository creates a new auth repository
+func NewRepository(db *gorm.DB) *Repository {
+	return &Repository{db: db}
+}
+
+// UserEntity represents the user in database (example - adjust to your user entity)
+type UserEntity struct {
+	models.BaseModel
+	Email    string \`gorm:"uniqueIndex;not null"\`
+	Password string \`gorm:"not null"\`
+	Name     string
+	Role     string \`gorm:"default:'user'"\`
+}
+
+// TableName returns the table name
+func (UserEntity) TableName() string {
+	return "users"
+}
+
+// FindByEmail finds a user by email and returns auth user with hashed password
+func (r *Repository) FindByEmail(ctx context.Context, email string) (*models.AuthUser, string, error) {
+	var user UserEntity
+	if err := r.db.WithContext(ctx).Where("email = ?", email).First(&user).Error; err != nil {
+		return nil, "", err
+	}
+
+	authUser := &models.AuthUser{
+		ID:       user.ID,
+		Email:    user.Email,
+		Role:     user.Role,
+		IsActive: user.IsActive,
+	}
+
+	return authUser, user.Password, nil
+}
+
+// FindByID finds a user by ID
+func (r *Repository) FindByID(ctx context.Context, id uuid.UUID) (*models.AuthUser, error) {
+	var user UserEntity
+	if err := r.db.WithContext(ctx).Where("id = ?", id).First(&user).Error; err != nil {
+		return nil, err
+	}
+
+	return &models.AuthUser{
+		ID:       user.ID,
+		Email:    user.Email,
+		Role:     user.Role,
+		IsActive: user.IsActive,
+	}, nil
+}
+
+// CreateUser creates a new user
+func (r *Repository) CreateUser(ctx context.Context, email, hashedPassword, name, role string) (*models.AuthUser, error) {
+	user := &UserEntity{
+		BaseModel: models.NewBaseModel(),
+		Email:     email,
+		Password:  hashedPassword,
+		Name:      name,
+		Role:      role,
+	}
+
+	if err := r.db.WithContext(ctx).Create(user).Error; err != nil {
+		return nil, err
+	}
+
+	return &models.AuthUser{
+		ID:       user.ID,
+		Email:    user.Email,
+		Role:     user.Role,
+		IsActive: user.IsActive,
+	}, nil
+}
+
+// UpdatePassword updates user password
+func (r *Repository) UpdatePassword(ctx context.Context, userID uuid.UUID, hashedPassword string) error {
+	return r.db.WithContext(ctx).Model(&UserEntity{}).
+		Where("id = ?", userID).
+		Update("password", hashedPassword).Error
+}
+
+// EmailExists checks if email already exists
+func (r *Repository) EmailExists(ctx context.Context, email string) (bool, error) {
+	var count int64
+	err := r.db.WithContext(ctx).Model(&UserEntity{}).Where("email = ?", email).Count(&count).Error
+	return count > 0, err
+}
+`;
+  }
+
+  getAuthUsecaseContent() {
+    return `package auth
+
+import (
+	"context"
+	"errors"
+
+	"${this.goModule}/src/domain/logger"
+	"${this.goModule}/src/domain/models"
+	authPkg "${this.goModule}/src/infrastructure/common/auth"
+	authRepo "${this.goModule}/src/infrastructure/repositories/auth"
+)
+
+var (
+	ErrEmailExists      = errors.New("email already exists")
+	ErrInvalidPassword  = errors.New("password must be at least 8 characters")
+)
+
+// Usecase handles authentication business logic
+type Usecase struct {
+	repo       *authRepo.Repository
+	passport   *authPkg.Passport
+	jwtService *authPkg.JWTService
+	logger     logger.Logger
+}
+
+// NewUsecase creates a new auth usecase
+func NewUsecase(repo *authRepo.Repository, logger logger.Logger) *Usecase {
+	jwtService := authPkg.NewJWTService()
+	passport := authPkg.NewPassport(jwtService)
+
+	// Register local strategy
+	localStrategy := authPkg.NewLocalStrategy(repo)
+	passport.RegisterStrategy(localStrategy)
+
+	// Register JWT strategy
+	jwtStrategy := authPkg.NewJWTStrategy(jwtService)
+	passport.RegisterStrategy(jwtStrategy)
+
+	return &Usecase{
+		repo:       repo,
+		passport:   passport,
+		jwtService: jwtService,
+		logger:     logger,
+	}
+}
+
+// Login authenticates user and returns tokens
+func (u *Usecase) Login(ctx context.Context, req *models.LoginRequest) (*models.TokenPair, error) {
+	user, err := u.passport.Authenticate(ctx, "local", req)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Login failed", err)
+		return nil, err
+	}
+
+	tokens, err := u.passport.GenerateTokens(user)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Token generation failed", err)
+		return nil, err
+	}
+
+	u.logger.Info("AuthUsecase", "User logged in: "+user.Email)
+	return tokens, nil
+}
+
+// Register creates a new user and returns tokens
+func (u *Usecase) Register(ctx context.Context, req *models.RegisterRequest) (*models.TokenPair, error) {
+	// Validate password
+	if len(req.Password) < 8 {
+		return nil, ErrInvalidPassword
+	}
+
+	// Check if email exists
+	exists, err := u.repo.EmailExists(ctx, req.Email)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Email check failed", err)
+		return nil, err
+	}
+	if exists {
+		return nil, ErrEmailExists
+	}
+
+	// Hash password
+	hashedPassword, err := authPkg.HashPassword(req.Password)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Password hashing failed", err)
+		return nil, err
+	}
+
+	// Create user
+	user, err := u.repo.CreateUser(ctx, req.Email, hashedPassword, req.Name, "user")
+	if err != nil {
+		u.logger.Error("AuthUsecase", "User creation failed", err)
+		return nil, err
+	}
+
+	// Generate tokens
+	tokens, err := u.passport.GenerateTokens(user)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Token generation failed", err)
+		return nil, err
+	}
+
+	u.logger.Info("AuthUsecase", "User registered: "+user.Email)
+	return tokens, nil
+}
+
+// RefreshToken refreshes the access token
+func (u *Usecase) RefreshToken(ctx context.Context, refreshToken string) (*models.TokenPair, error) {
+	tokens, err := u.jwtService.RefreshAccessToken(refreshToken)
+	if err != nil {
+		u.logger.Error("AuthUsecase", "Token refresh failed", err)
+		return nil, err
+	}
+
+	u.logger.Info("AuthUsecase", "Token refreshed")
+	return tokens, nil
+}
+
+// ValidateToken validates a token and returns the user
+func (u *Usecase) ValidateToken(ctx context.Context, token string) (*models.AuthUser, error) {
+	user, err := u.passport.Authenticate(ctx, "jwt", token)
+	if err != nil {
+		return nil, err
+	}
+	return user, nil
+}
+
+// GetJWTService returns the JWT service for middleware use
+func (u *Usecase) GetJWTService() *authPkg.JWTService {
+	return u.jwtService
+}
+`;
+  }
+}
+
+module.exports = AuthGenerator;