feat(auth): add simple auth token service

- Implemented simple token service
- For debugging purposes
- Uses in-memory user repo

Author: fulleni

lib/src/services/jwt_auth_token_service.dart

@@ -100,7 +100,8 @@ class JwtAuthTokenService implements AuthTokenService {
       String? userId;
       if (subClaim is String) {
         userId = subClaim;
-        print('[validateToken] "sub" claim successfully cast to String: $userId');
+        print(
+            '[validateToken] "sub" claim successfully cast to String: $userId');
       } else if (subClaim != null) {
         print(
           '[validateToken] WARNING: "sub" claim is not a String. '
@@ -115,7 +116,8 @@ class JwtAuthTokenService implements AuthTokenService {
       }
 
       if (userId == null || userId.isEmpty) {
-        print('[validateToken] Token validation failed: Missing or empty "sub" claim.');
+        print(
+            '[validateToken] Token validation failed: Missing or empty "sub" claim.');
         // Throw specific exception for malformed token
         throw const BadRequestException(
           'Malformed token: Missing or empty subject claim.',

lib/src/services/simple_auth_token_service.dart

@@ -0,0 +1,72 @@
+import 'package:ht_api/src/services/auth_token_service.dart';
+import 'package:ht_data_repository/ht_data_repository.dart';
+import 'package:ht_shared/ht_shared.dart';
+
+/// {@template simple_auth_token_service}
+/// A minimal, dependency-free implementation of [AuthTokenService] for debugging.
+///
+/// Generates simple, predictable tokens and validates them by checking a prefix
+/// and fetching the user from the repository. Does not involve JWT logic.
+/// {@endtemplate}
+class SimpleAuthTokenService implements AuthTokenService {
+  /// {@macro simple_auth_token_service}
+  const SimpleAuthTokenService({
+    required HtDataRepository<User> userRepository,
+  }) : _userRepository = userRepository;
+
+  final HtDataRepository<User> _userRepository;
+  static const String _tokenPrefix = 'valid-token-for-user-id:';
+
+  @override
+  Future<String> generateToken(User user) async {
+    print('[SimpleAuthTokenService] Generating token for user ${user.id}');
+    final token = '$_tokenPrefix${user.id}';
+    print('[SimpleAuthTokenService] Generated token: $token');
+    // Simulate async operation if needed, though not strictly necessary here
+    await Future<void>.delayed(Duration.zero);
+    return token;
+  }
+
+  @override
+  Future<User?> validateToken(String token) async {
+    print('[SimpleAuthTokenService] Attempting to validate token: $token');
+    if (!token.startsWith(_tokenPrefix)) {
+      print('[SimpleAuthTokenService] Validation failed: Invalid prefix.');
+      // Mimic JWT behavior by throwing Unauthorized for invalid format
+      throw const UnauthorizedException('Invalid token format.');
+    }
+
+    final userId = token.substring(_tokenPrefix.length);
+    print('[SimpleAuthTokenService] Extracted user ID: $userId');
+
+    if (userId.isEmpty) {
+      print('[SimpleAuthTokenService] Validation failed: Empty user ID.');
+      throw const UnauthorizedException('Invalid token: Empty user ID.');
+    }
+
+    try {
+      print('[SimpleAuthTokenService] Attempting to read user from repository...');
+      final user = await _userRepository.read(userId);
+      print('[SimpleAuthTokenService] User read successful: ${user.id}');
+      return user;
+    } on NotFoundException {
+      print('[SimpleAuthTokenService] Validation failed: User ID $userId not found.');
+      // Return null if user not found, mimicking successful validation
+      // of a token for a non-existent user. The middleware handles this.
+      return null;
+    } on HtHttpException catch (e, s) {
+      // Handle other potential repository errors
+      print(
+        '[SimpleAuthTokenService] Validation failed: Repository error $e\n$s',
+      );
+      // Re-throw other client/repo exceptions
+      rethrow;
+    } catch (e, s) {
+      // Catch unexpected errors during validation
+      print('[SimpleAuthTokenService] Unexpected validation error: $e\n$s');
+      throw OperationFailedException(
+        'Simple token validation failed unexpectedly: $e',
+      );
+    }
+  }
+}

routes/_middleware.dart

@@ -11,8 +11,8 @@ import 'package:ht_api/src/middlewares/error_handler.dart';
 import 'package:ht_api/src/registry/model_registry.dart';
 import 'package:ht_api/src/services/auth_service.dart';
 import 'package:ht_api/src/services/auth_token_service.dart';
-// Import the new JWT service
-import 'package:ht_api/src/services/jwt_auth_token_service.dart';
+// Import the simple service for debugging
+import 'package:ht_api/src/services/simple_auth_token_service.dart';
 import 'package:ht_api/src/services/verification_code_storage_service.dart';
 import 'package:ht_app_settings_inmemory/ht_app_settings_inmemory.dart';
 import 'package:ht_app_settings_repository/ht_app_settings_repository.dart';
@@ -186,13 +186,13 @@ Handler middleware(Handler handler) {
     emailClient: HtEmailInMemoryClient(),
   );
   print('[MiddlewareSetup] HtEmailRepository instantiated.'); // Added log
-  // Auth Services (using JWT and in-memory implementations)
-  // Instantiate the new JWT service, passing its dependencies
-  final authTokenService = JwtAuthTokenService(
+  // Auth Services (using Simple and in-memory implementations for debugging)
+  // Instantiate the simple service, passing its dependencies
+  final authTokenService = SimpleAuthTokenService(
     userRepository: userRepository,
-    uuidGenerator: uuid,
+    // No uuidGenerator needed for SimpleAuthTokenService
   );
-  print('[MiddlewareSetup] JwtAuthTokenService instantiated.'); // Added log
+  print('[MiddlewareSetup] SimpleAuthTokenService instantiated.'); // Updated log
   final verificationCodeStorageService =
       InMemoryVerificationCodeStorageService();
   print('[MiddlewareSetup] InMemoryVerificationCodeStorageService instantiated.'); // Added log