♻️ Separate application domain and token issuer

2024-08-12 20:58:20 +08:00
parent 142e7c3434
commit e4d73b1d31
5 changed files with 13 additions and 63 deletions
--- a/pkg/internal/server/api/well_known_api.go
+++ b/pkg/internal/server/api/well_known_api.go
@ -12,7 +12,7 @@ func getOidcConfiguration(c *fiber.Ctx) error {
 	basepath := fmt.Sprintf("https://%s", domain)

 	return c.JSON(fiber.Map{
-		"issuer":                                           basepath,
+		"issuer":                                           viper.GetString("security.issuer"),
 		"authorization_endpoint":                           fmt.Sprintf("%s/authorize", basepath),
 		"token_endpoint":                                   fmt.Sprintf("%s/api/auth/token", basepath),
 		"userinfo_endpoint":                                fmt.Sprintf("%s/api/users/me", basepath),
--- a/pkg/internal/services/jwt.go
+++ b/pkg/internal/services/jwt.go
@ -20,7 +20,7 @@ type PayloadClaims struct {
 	Nick  string `json:"preferred_username,omitempty"`
 	Email string `json:"email,omitempty"`

-	// Additonal Stuff
+	// Additional Stuff
 	AuthorizedParties string `json:"azp,omitempty"`
 	Nonce             string `json:"nonce,omitempty"`
 	Type              string `json:"typ"`
@ -44,7 +44,7 @@ func EncodeJwt(id string, typ, sub, sed string, nonce *string, aud []string, exp
 		RegisteredClaims: jwt.RegisteredClaims{
 			Subject:   sub,
 			Audience:  aud,
-			Issuer:    fmt.Sprintf("https://%s", viper.GetString("domain")),
+			Issuer:    viper.GetString("security.issuer"),
 			ExpiresAt: jwt.NewNumericDate(exp),
 			NotBefore: jwt.NewNumericDate(time.Now()),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
--- a/pkg/internal/services/ticket.go
+++ b/pkg/internal/services/ticket.go
@ -11,7 +11,7 @@ import (
 	"github.com/samber/lo"
 )

-const InternalTokenAudience = "passport"
+const InternalTokenAudience = "solar-network"

 func DetectRisk(user models.Account, ip, ua string) bool {
 	var clue int64