From 8e5867c46d4f58751d96d71f6b64b922e8a5944e Mon Sep 17 00:00:00 2001
From: James Tombleson <luther38@gmail.com>
Date: Sat, 13 Apr 2024 11:54:21 -0700
Subject: [PATCH 1/3] adding apiurl to env so we can define the issuer

---
 api/services/env.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/services/env.go b/api/services/env.go
index 7fd99a6..3ea6d90 100644
--- a/api/services/env.go
+++ b/api/services/env.go
@@ -16,7 +16,7 @@ func NewEnvConfig() domain.EnvConfig {
 		log.Println(err)
 	}
 
-	disableMigrations, err  := strconv.ParseBool(os.Getenv("DisableMigrationsOnStartup"))
+	disableMigrations, err := strconv.ParseBool(os.Getenv("DisableMigrationsOnStartup"))
 	if err != nil {
 		disableMigrations = false
 	}
@@ -24,6 +24,7 @@ func NewEnvConfig() domain.EnvConfig {
 	return domain.EnvConfig{
 		AdminToken:                 os.Getenv("AdminToken"),
 		JwtSecret:                  os.Getenv("JwtSecret"),
+		ApiUri:                     os.Getenv("ApiUri"),
 		DisableMigrationsOnStartUp: disableMigrations,
 	}
 }
-- 
2.40.1


From 08c2e36881014c32f4d60dad9ffe4f5bafc7bd25 Mon Sep 17 00:00:00 2001
From: James Tombleson <luther38@gmail.com>
Date: Sat, 13 Apr 2024 11:54:35 -0700
Subject: [PATCH 2/3] envconfig updated

---
 api/domain/models.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/domain/models.go b/api/domain/models.go
index 32a0d7b..68ab979 100644
--- a/api/domain/models.go
+++ b/api/domain/models.go
@@ -3,5 +3,6 @@ package domain
 type EnvConfig struct {
 	AdminToken                 string
 	JwtSecret                  string
+	ApiUri                     string
 	DisableMigrationsOnStartUp bool
 }
-- 
2.40.1


From db3baa0328686d1ec86dc99d5adac0af3cd9a738 Mon Sep 17 00:00:00 2001
From: James Tombleson <luther38@gmail.com>
Date: Sat, 13 Apr 2024 11:54:54 -0700
Subject: [PATCH 3/3] jwt now sends the issuer

---
 api/handlers/v1/auth.go | 2 +-
 api/handlers/v1/jwt.go  | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/handlers/v1/auth.go b/api/handlers/v1/auth.go
index 209903c..f7404dc 100644
--- a/api/handlers/v1/auth.go
+++ b/api/handlers/v1/auth.go
@@ -84,7 +84,7 @@ func (h *Handler) AuthLogin(c echo.Context) error {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
 
-	token, err := h.generateJwt(username)
+	token, err := h.generateJwt(username, h.Config.ApiUri)
 	if err != nil {
 		return h.InternalServerErrorResponse(c, err.Error())
 	}
diff --git a/api/handlers/v1/jwt.go b/api/handlers/v1/jwt.go
index 6bf9530..0fc2f7d 100644
--- a/api/handlers/v1/jwt.go
+++ b/api/handlers/v1/jwt.go
@@ -56,14 +56,16 @@ func (j JwtToken) hasScope(scope string) error {
 	return errors.New(ErrJwtScopeMissing)
 }
 
-func (h *Handler) generateJwt(username string) (string, error) {
+func (h *Handler) generateJwt(username, issuer string) (string, error) {
 	secret := []byte(h.Config.JwtSecret)
 
+	// Anyone who wants to decrypt the key needs to use the same method
 	token := jwt.New(jwt.SigningMethodHS256)
 	claims := token.Claims.(jwt.MapClaims)
 	claims["exp"] = time.Now().Add(10 * time.Minute)
 	claims["authorized"] = true
 	claims["username"] = username
+	claims["iss"] = issuer
 
 	var scopes []string
 	scopes = append(scopes, domain.ScopeRecipeRead)
-- 
2.40.1