fix: harden auth flows and align api contracts

internal/service/auth_cache_invalidator.go

@@ -0,0 +1,48 @@
+package service
+
+import (
+	"context"
+	"sort"
+)
+
+// AuthCacheInvalidator invalidates auth-related caches after security-sensitive writes.
+type AuthCacheInvalidator interface {
+	InvalidateUserState(userID int64)
+	InvalidateUserPerms(userID int64)
+}
+
+type nopAuthCacheInvalidator struct{}
+
+func (nopAuthCacheInvalidator) InvalidateUserState(int64) {}
+func (nopAuthCacheInvalidator) InvalidateUserPerms(int64) {}
+
+func normalizeAuthCacheInvalidator(invalidator AuthCacheInvalidator) AuthCacheInvalidator {
+	if invalidator == nil {
+		return nopAuthCacheInvalidator{}
+	}
+	return invalidator
+}
+
+func collectSortedUniqueUserIDs(ctx context.Context, idsFunc func(context.Context) ([]int64, error), fallback func(context.Context) ([]int64, error)) ([]int64, error) {
+	ids, err := idsFunc(ctx)
+	if err != nil && fallback != nil {
+		ids, err = fallback(ctx)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if len(ids) == 0 {
+		return []int64{}, nil
+	}
+	seen := make(map[int64]struct{}, len(ids))
+	unique := make([]int64, 0, len(ids))
+	for _, id := range ids {
+		if _, ok := seen[id]; ok {
+			continue
+		}
+		seen[id] = struct{}{}
+		unique = append(unique, id)
+	}
+	sort.Slice(unique, func(i, j int) bool { return unique[i] < unique[j] })
+	return unique, nil
+}