refactor: Replace raw strings with domain value objects for improved type safety in authentication and OIDC.

api/src/dto.rs

@@ -1,30 +1,29 @@
 //! Request and Response DTOs
 //!
 //! Data Transfer Objects for the API.
+//! Uses domain newtypes for validation instead of the validator crate.
 
 use chrono::{DateTime, Utc};
+use domain::{Email, Password};
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
-use validator::Validate;
 
-/// Login request
-#[derive(Debug, Deserialize, Validate)]
+/// Login request with validated email and password newtypes
+#[derive(Debug, Deserialize)]
 pub struct LoginRequest {
-    #[validate(email(message = "Invalid email format"))]
-    pub email: String,
-
-    #[validate(length(min = 6, message = "Password must be at least 6 characters"))]
-    pub password: String,
+    /// Email is validated on deserialization
+    pub email: Email,
+    /// Password is validated on deserialization (min 6 chars)
+    pub password: Password,
 }
 
-/// Register request
-#[derive(Debug, Deserialize, Validate)]
+/// Register request with validated email and password newtypes
+#[derive(Debug, Deserialize)]
 pub struct RegisterRequest {
-    #[validate(email(message = "Invalid email format"))]
-    pub email: String,
-
-    #[validate(length(min = 6, message = "Password must be at least 6 characters"))]
-    pub password: String,
+    /// Email is validated on deserialization
+    pub email: Email,
+    /// Password is validated on deserialization (min 6 chars)
+    pub password: Password,
 }
 
 /// User response DTO
@@ -40,12 +39,3 @@ pub struct UserResponse {
 pub struct ConfigResponse {
     pub allow_registration: bool,
 }
-
-#[cfg(feature = "auth-jwt")]
-#[derive(Debug, Serialize, Deserialize)]
-// also newtypes
-pub struct Claims {
-    pub sub: String,
-    pub email: String,
-    pub exp: usize,
-}