From 8e5867c46d4f58751d96d71f6b64b922e8a5944e Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Sat, 13 Apr 2024 11:54:21 -0700
Subject: [PATCH 1/3] adding apiurl to env so we can define the issuer
---
 api/services/env.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/services/env.go b/api/services/env.go
index 7fd99a6..3ea6d90 100644
--- a/api/services/env.go
+++ b/api/services/env.go
@@ -16,7 +16,7 @@ func NewEnvConfig() domain.EnvConfig {
 log.Println(err)
 }
- disableMigrations, err := strconv.ParseBool(os.Getenv("DisableMigrationsOnStartup"))
+ disableMigrations, err := strconv.ParseBool(os.Getenv("DisableMigrationsOnStartup"))
 if err != nil {
 disableMigrations = false
 }
@@ -24,6 +24,7 @@ func NewEnvConfig() domain.EnvConfig {
 return domain.EnvConfig{
 AdminToken: os.Getenv("AdminToken"),
 JwtSecret: os.Getenv("JwtSecret"),
+ ApiUri: os.Getenv("ApiUri"),
 DisableMigrationsOnStartUp: disableMigrations,
 }
 }
-- 
2.45.2
From 08c2e36881014c32f4d60dad9ffe4f5bafc7bd25 Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Sat, 13 Apr 2024 11:54:35 -0700
Subject: [PATCH 2/3] envconfig updated
---
 api/domain/models.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/domain/models.go b/api/domain/models.go
index 32a0d7b..68ab979 100644
--- a/api/domain/models.go
+++ b/api/domain/models.go
@@ -3,5 +3,6 @@ package domain
 type EnvConfig struct {
 AdminToken string
 JwtSecret string
+ ApiUri string
 DisableMigrationsOnStartUp bool
 }
-- 
2.45.2
From db3baa0328686d1ec86dc99d5adac0af3cd9a738 Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Sat, 13 Apr 2024 11:54:54 -0700
Subject: [PATCH 3/3] jwt now sends the issuer
---
 api/handlers/v1/auth.go | 2 +-
 api/handlers/v1/jwt.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/api/handlers/v1/auth.go b/api/handlers/v1/auth.go
index 209903c..f7404dc 100644
--- a/api/handlers/v1/auth.go
+++ b/api/handlers/v1/auth.go
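Review bot: In api/services/env.go (hunk at -24,6), the added `ApiUri: os.Getenv("ApiUri"),` accepts an unset or empty variable without any check, and patch 3/3 of this series turns that value into the JWT `iss` claim, so a misconfigured deployment would issue tokens with an empty issuer. A fail-fast before the return is the safer choice here, for example `if os.Getenv("ApiUri") == "" { log.Fatal("ApiUri must be set") }`. The `JwtSecret` line just above has the same gap, and there an empty value would mean tokens signed with an empty HMAC key. NewEnvConfig starts outside the hunk, so any validation that may already exist earlier in the function is not visible.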
@@ -84,7 +84,7 @@ func (h *Handler) AuthLogin(c echo.Context) error {
 return h.InternalServerErrorResponse(c, err.Error())
 }
- token, err := h.generateJwt(username)
+ token, err := h.generateJwt(username, h.Config.ApiUri)
 if err != nil {
 return h.InternalServerErrorResponse(c, err.Error())
 }
diff --git a/api/handlers/v1/jwt.go b/api/handlers/v1/jwt.go
index 6bf9530..0fc2f7d 100644
--- a/api/handlers/v1/jwt.go
+++ b/api/handlers/v1/jwt.go
@@ -56,14 +56,16 @@ func (j JwtToken) hasScope(scope string) error {
 return errors.New(ErrJwtScopeMissing)
 }
-func (h *Handler) generateJwt(username string) (string, error) {
+func (h *Handler) generateJwt(username, issuer string) (string, error) {
 secret := []byte(h.Config.JwtSecret)
+ // Anyone who wants to decrypt the key needs to use the same method
 token := jwt.New(jwt.SigningMethodHS256)
 claims := token.Claims.(jwt.MapClaims)
 claims["exp"] = time.Now().Add(10 * time.Minute)
 claims["authorized"] = true
 claims["username"] = username
+ claims["iss"] = issuer
 var scopes []string
 scopes = append(scopes, domain.ScopeRecipeRead)
-- 
2.45.2
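Review bot: In api/handlers/v1/auth.go, passing `h.Config.ApiUri` into `h.generateJwt(username, h.Config.ApiUri)` is redundant, because generateJwt is a method on the same Handler and already reads `h.Config.JwtSecret` itself. Taking the issuer as a parameter lets any future caller mint a token under an arbitrary `iss`. Reading `h.Config.ApiUri` inside generateJwt would keep the issuer tied to configuration in one place. AuthLogin's body starts and ends outside the hunk.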
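Review bot: In api/handlers/v1/jwt.go, `claims["exp"] = time.Now().Add(10 * time.Minute)` stores a time.Time, which presumably serialises to an RFC 3339 string rather than the NumericDate that RFC 7519 requires for `exp`. Depending on the JWT library version, a verifier may then reject the token or fail to enforce expiry, so this should be `claims["exp"] = time.Now().Add(10 * time.Minute).Unix()`. The new comment is also inaccurate, since HS256 signs rather than encrypts and the claims are readable by anyone holding the token; `// HS256: verifiers must use the same signing method and secret; the payload is signed, not encrypted` would be correct. The added `iss` claim only adds protection if the parsing side checks it against the configured value, which is not visible here. generateJwt's body continues past the end of the hunk.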