refactor: export GenerateToken for use by api package

internal/auth/auth.go

@@ -110,8 +110,8 @@ func (h *Handler) authenticate(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Generate tokens.
-	accessToken := generateToken()
-	clientToken := generateToken()
+	accessToken := GenerateToken()
+	clientToken := GenerateToken()
 
 	// Store session.
 	expiresAt := time.Now().Add(24 * time.Hour)
@@ -174,7 +174,7 @@ func (h *Handler) refresh(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Rotate access token.
-	newAccessToken := generateToken()
+	newAccessToken := GenerateToken()
 	_, err = h.db.Pool().Exec(r.Context(),
 		`UPDATE yggdrasil_sessions SET access_token = $1, expires_at = $2
 		 WHERE access_token = $3`,
@@ -252,7 +252,8 @@ func verifyPassword(password, hash string) bool {
 	return subtle.ConstantTimeCompare([]byte(hex.EncodeToString(h[:])), []byte(hash)) == 1
 }
 
-func generateToken() string {
+// GenerateToken creates a random hex token (16 bytes → 32 hex chars).
+func GenerateToken() string {
 	b := make([]byte, 16)
 	_, _ = rand.Read(b)
 	return hex.EncodeToString(b)