Refactor database interface to use *sql.DB directly

Simplified the database layer by removing custom interface wrappers
and using standard library *sql.DB and *sql.Tx types directly.

Changes:
- Removed DBConnection and DBTransaction interfaces from database.go
- Removed NewDBConnection() wrapper function
- Updated TokenGenerator to use *sql.DB instead of DBConnection
- Updated all validation and revocation methods to accept *sql.Tx
- Updated TableManager to work with *sql.DB directly
- Updated all tests to use db.Begin() instead of custom wrappers
- Fixed GeneratorConfig.DB field (was DBConn)
- Updated documentation in doc.go with correct API usage

Benefits:
- Simpler API with fewer abstractions
- Works directly with database/sql standard library
- Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB)
- Easier to understand and maintain
- No unnecessary wrapper layers

Breaking changes:
- GeneratorConfig.DBConn renamed to GeneratorConfig.DB
- Removed NewDBConnection() function - pass *sql.DB directly
- ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction
- Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

jwt/tokens.go

@@ -6,15 +6,34 @@ import (
 	"github.com/google/uuid"
 )
 
+// Token is the common interface implemented by both AccessToken and RefreshToken.
+// It provides methods to access token claims and manage token revocation.
 type Token interface {
+	// GetJTI returns the unique token identifier (JTI claim)
 	GetJTI() uuid.UUID
+
+	// GetEXP returns the expiration timestamp (EXP claim)
 	GetEXP() int64
+
+	// GetSUB returns the subject/user ID (SUB claim)
+	GetSUB() int
+
+	// GetScope returns the token scope ("access" or "refresh")
 	GetScope() string
+
+	// Revoke adds this token to the blacklist, preventing future use.
+	// Must be called within a database transaction context.
 	Revoke(*sql.Tx) error
+
+	// CheckNotRevoked verifies that this token has not been blacklisted.
+	// Returns true if the token is valid, false if revoked.
+	// Must be called within a database transaction context.
 	CheckNotRevoked(*sql.Tx) (bool, error)
 }
 
-// Access token
+// AccessToken represents a JWT access token with all its claims.
+// Access tokens are short-lived and used for authenticating API requests.
+// They can be marked as "fresh" for sensitive operations like password changes.
 type AccessToken struct {
 	ISS   string    // Issuer, generally TrustedHost
 	IAT   int64     // Time issued at
@@ -27,7 +46,9 @@ type AccessToken struct {
 	gen   *TokenGenerator
 }
 
-// Refresh token
+// RefreshToken represents a JWT refresh token with all its claims.
+// Refresh tokens are longer-lived and used to obtain new access tokens
+// without requiring the user to re-authenticate.
 type RefreshToken struct {
 	ISS   string    // Issuer, generally TrustedHost
 	IAT   int64     // Time issued at
@@ -51,6 +72,12 @@ func (a AccessToken) GetEXP() int64 {
 func (r RefreshToken) GetEXP() int64 {
 	return r.EXP
 }
+func (a AccessToken) GetSUB() int {
+	return a.SUB
+}
+func (r RefreshToken) GetSUB() int {
+	return r.SUB
+}
 func (a AccessToken) GetScope() string {
 	return a.Scope
 }