domain: add cross-cutting value objects (SystemId, DateTimeStamp, Checksum, StructuredData)

crates/adapters/auth/src/jwt.rs

@@ -1,9 +1,8 @@
 use async_trait::async_trait;
 use chrono::Utc;
-use domain::{errors::DomainError, ports::TokenIssuer, value_objects::{Role, UserId}};
+use domain::{errors::DomainError, ports::TokenIssuer, value_objects::SystemId};
 use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
 use serde::{Deserialize, Serialize};
-use std::str::FromStr;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Claims {
@@ -30,7 +29,7 @@ impl JwtTokenIssuer {
 
 #[async_trait]
 impl TokenIssuer for JwtTokenIssuer {
-    async fn issue(&self, user_id: &UserId, role: &Role) -> Result<String, DomainError> {
+    async fn issue(&self, user_id: &SystemId, role: &str) -> Result<String, DomainError> {
         let claims = Claims {
             sub: user_id.to_string(),
             role: role.to_string(),
@@ -40,14 +39,12 @@ impl TokenIssuer for JwtTokenIssuer {
             .map_err(|e| DomainError::Internal(e.to_string()))
     }
 
-    async fn verify(&self, token: &str) -> Result<(UserId, Role), DomainError> {
+    async fn verify(&self, token: &str) -> Result<(SystemId, String), DomainError> {
         let data = decode::<Claims>(token, &self.decoding_key, &Validation::default())
             .map_err(|_| DomainError::Unauthorized("Invalid or expired token".to_string()))?;
         let uuid = uuid::Uuid::parse_str(&data.claims.sub)
             .map_err(|_| DomainError::Unauthorized("Invalid token subject".to_string()))?;
-        let role = Role::from_str(&data.claims.role)
-            .map_err(|_| DomainError::Unauthorized("Invalid role in token".to_string()))?;
-        Ok((UserId::from_uuid(uuid), role))
+        Ok((SystemId::from_uuid(uuid), data.claims.role))
     }
 }
 
@@ -58,11 +55,11 @@ mod tests {
     #[tokio::test]
     async fn issue_and_verify_roundtrip() {
         let issuer = JwtTokenIssuer::new("test-secret-key-long-enough-32chars!!");
-        let user_id = UserId::new();
-        let token = issuer.issue(&user_id, &Role::User).await.unwrap();
+        let user_id = SystemId::new();
+        let token = issuer.issue(&user_id, "user").await.unwrap();
         let (verified_id, verified_role) = issuer.verify(&token).await.unwrap();
         assert_eq!(verified_id, user_id);
-        assert_eq!(verified_role, Role::User);
+        assert_eq!(verified_role, "user");
     }
 
     #[tokio::test]

crates/adapters/postgres/src/user_repository.rs

@@ -3,9 +3,8 @@ use domain::{
     entities::User,
     errors::DomainError,
     ports::UserRepository,
-    value_objects::{Email, PasswordHash, Role, UserId},
+    value_objects::{Email, PasswordHash, SystemId},
 };
-use std::str::FromStr;
 use crate::db::PgPool;
 
 pub struct PostgresUserRepository {
@@ -18,9 +17,9 @@ impl PostgresUserRepository {
 
 #[async_trait]
 impl UserRepository for PostgresUserRepository {
-    async fn find_by_id(&self, id: &UserId) -> Result<Option<User>, DomainError> {
+    async fn find_by_id(&self, id: &SystemId) -> Result<Option<User>, DomainError> {
         let row = sqlx::query!(
-            "SELECT id, email, password_hash, role, created_at FROM users WHERE id = $1",
+            "SELECT id, email, password_hash, created_at FROM users WHERE id = $1",
             *id.as_uuid()
         )
         .fetch_optional(&self.pool)
@@ -28,10 +27,9 @@ impl UserRepository for PostgresUserRepository {
         .map_err(|e| DomainError::Internal(e.to_string()))?;
 
         row.map(|r| Ok(User {
-            id: UserId::from_uuid(r.id),
+            id: SystemId::from_uuid(r.id),
             email: Email::new(r.email)?,
             password_hash: PasswordHash::from_hash(r.password_hash),
-            role: Role::from_str(&r.role).map_err(DomainError::Internal)?,
             created_at: r.created_at,
         }))
         .transpose()
@@ -39,7 +37,7 @@ impl UserRepository for PostgresUserRepository {
 
     async fn find_by_email(&self, email: &Email) -> Result<Option<User>, DomainError> {
         let row = sqlx::query!(
-            "SELECT id, email, password_hash, role, created_at FROM users WHERE email = $1",
+            "SELECT id, email, password_hash, created_at FROM users WHERE email = $1",
             email.as_str()
         )
         .fetch_optional(&self.pool)
@@ -47,10 +45,9 @@ impl UserRepository for PostgresUserRepository {
         .map_err(|e| DomainError::Internal(e.to_string()))?;
 
         row.map(|r| Ok(User {
-            id: UserId::from_uuid(r.id),
+            id: SystemId::from_uuid(r.id),
             email: Email::new(r.email)?,
             password_hash: PasswordHash::from_hash(r.password_hash),
-            role: Role::from_str(&r.role).map_err(DomainError::Internal)?,
             created_at: r.created_at,
         }))
         .transpose()
@@ -58,16 +55,14 @@ impl UserRepository for PostgresUserRepository {
 
     async fn save(&self, user: &User) -> Result<(), DomainError> {
         sqlx::query!(
-            "INSERT INTO users (id, email, password_hash, role, created_at)
-             VALUES ($1, $2, $3, $4, $5)
+            "INSERT INTO users (id, email, password_hash, created_at)
+             VALUES ($1, $2, $3, $4)
              ON CONFLICT (id) DO UPDATE SET
                email = EXCLUDED.email,
-               password_hash = EXCLUDED.password_hash,
-               role = EXCLUDED.role",
+               password_hash = EXCLUDED.password_hash",
             *user.id.as_uuid(),
             user.email.as_str(),
             user.password_hash.as_str(),
-            user.role.to_string(),
             user.created_at
         )
         .execute(&self.pool)
@@ -76,7 +71,7 @@ impl UserRepository for PostgresUserRepository {
         Ok(())
     }
 
-    async fn delete(&self, id: &UserId) -> Result<(), DomainError> {
+    async fn delete(&self, id: &SystemId) -> Result<(), DomainError> {
         sqlx::query!("DELETE FROM users WHERE id = $1", *id.as_uuid())
             .execute(&self.pool)
             .await