From 83e3e5a2e9f36bc92d4c5bbc6ee06448ca41094b Mon Sep 17 00:00:00 2001
From: LandaMm
Date: Fri, 6 Jun 2025 12:04:25 +0200
Subject: [PATCH] feat: new env variable for server URI

---
 .env.example | 4 +---
 Dockerfile | 2 +-
 internal/auth/routes.go | 4 ++--
 internal/config/jwt.go | 1 -
 internal/config/mod.go | 1 +
 internal/oauth/openid.go | 10 +++++-----
 internal/oauth/token.go | 2 +-
 7 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/.env.example b/.env.example
index 9d0d991..d38a768 100644
--- a/.env.example
+++ b/.env.example
@@ -1,6 +1,7 @@
 GUARD_PORT=3001
 GUARD_HOST="127.0.0.1"
+GUARD_URI="http://localhost:3001"
 GUARD_DB_URL="postgres://:@:/?sslmode=disable"
@@ -11,7 +12,6 @@ GUARD_ADMIN_PASSWORD="secret"
 GUARD_JWT_PRIVATE="rsa"
 GUARD_JWT_PUBLIC="rsa"
 GUARD_JWT_KID="my-rsa-key-1"
-GUARD_JWT_ISSUER="http://localhost:3001"
 GUARD_MINIO_ENDPOINT="localhost:9000"
 GUARD_MINIO_ACCESS_KEY=""
@@ -20,5 +20,3 @@ GUARD_MINIO_SECRET_KEY=""
 GOOSE_DRIVER="postgres"
 GOOSE_DBSTRING=$DATABASE_URL
 GOOSE_MIGRATION_DIR="./migrations"
-
-
diff --git a/Dockerfile b/Dockerfile
index d1e737e..a725315 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,6 +33,7 @@ COPY --from=frontend-builder /app/dist ./dist
 ENV ENV=production \
 GUARD_PORT=3001 \
 GUARD_HOST="127.0.0.1" \
+ GUARD_URI="http://localhost:3001" \
 GUARD_DB_URL="postgres://user:user@localhost:5432/db?sslmode=disable" \
 GUARD_ADMIN_NAME="admin" \
 GUARD_ADMIN_EMAIL="admin@test.net" \
@@ -40,7 +41,6 @@ ENV ENV=production \
 GUARD_JWT_PRIVATE="rsa" \
 GUARD_JWT_PUBLIC="rsa" \
 GUARD_JWT_KID="my-rsa-key-1" \
- GUARD_JWT_ISSUER="http://localhost:3001" \
 GUARD_MINIO_ENDPOINT="localhost:9000" \
 GUARD_MINIO_ACCESS_KEY="" \
 GUARD_MINIO_SECRET_KEY="" \
diff --git a/internal/auth/routes.go b/internal/auth/routes.go
index c450453..a809f3b 100644
--- a/internal/auth/routes.go
+++ b/internal/auth/routes.go
@@ -29,7 +29,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 UserEmail: user.Email,
 IsAdmin: user.IsAdmin,
 RegisteredClaims: jwt.RegisteredClaims{
- Issuer: h.cfg.Jwt.Issuer,
+ Issuer: h.cfg.Uri,
 Subject: user.ID.String(),
 IssuedAt: jwt.NewNumericDate(time.Now()),
 ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
@@ -45,7 +45,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 UserEmail: user.Email,
 IsAdmin: user.IsAdmin,
 RegisteredClaims: jwt.RegisteredClaims{
- Issuer: h.cfg.Jwt.Issuer,
+ Issuer: h.cfg.Uri,
 Subject: user.ID.String(),
 IssuedAt: jwt.NewNumericDate(time.Now()),
 ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
diff --git a/internal/config/jwt.go b/internal/config/jwt.go
index be5edbc..c44d1d5 100644
--- a/internal/config/jwt.go
+++ b/internal/config/jwt.go
@@ -4,5 +4,4 @@ type JwtConfig struct {
 PrivateKey string `env:"GUARD_JWT_PRIVATE" required:"true"`
 PublicKey string `env:"GUARD_JWT_PUBLIC" required:"true"`
 KID string `env:"GUARD_JWT_KID" default:"guard-rsa"`
- Issuer string `env:"GUARD_JWT_ISSUER" required:"true"`
 }
diff --git a/internal/config/mod.go b/internal/config/mod.go
index 95a0308..0556eab 100644
--- a/internal/config/mod.go
+++ b/internal/config/mod.go
@@ -12,6 +12,7 @@ import (
 type AppConfig struct {
 Port string `env:"GUARD_PORT" default:"3001"`
 Host string `env:"GUARD_HOST" default:"127.0.0.1"`
+ Uri string `env:"GUARD_URI" default:"http://127.0.0.1:3001"`
 DatabaseURL string `env:"GUARD_DB_URL" required:"true"`
 Admin AdminConfig
 Jwt JwtConfig
diff --git a/internal/oauth/openid.go b/internal/oauth/openid.go
index 6d8de29..1679504 100644
--- a/internal/oauth/openid.go
+++ b/internal/oauth/openid.go
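Review bot: The `iss` claim written in both hunks of signTokens now comes from `h.cfg.Uri`, which the `internal/config/mod.go` hunk declares with `default:"http://127.0.0.1:3001"`, whereas the removed `Jwt.Issuer` carried `required:"true"`; a deployment that forgets to set `GUARD_URI` presumably no longer fails at config load but silently mints tokens (and, via `internal/oauth/openid.go` and `internal/oauth/token.go`, a discovery document) whose issuer is a loopback URL, and the three defaults in this commit disagree anyway (`http://127.0.0.1:3001` in the struct tag versus `http://localhost:3001` in the Dockerfile and `.env.example`). Because this value is the OIDC issuer that relying parties pin, it should stay mandatory: replace the tag's `default:"http://127.0.0.1:3001"` with `required:"true"`, and validate the loaded value with `net/url` so that an empty scheme or host, or a trailing `/`, is rejected before any token is signed. As a style point, the project already spells the initialism as `DatabaseURL`, so the new field would conventionally be `URI`. signTokens starts and ends outside these hunks.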
@@ -23,11 +23,11 @@ func (h *OAuthHandler) OpenIdConfiguration(w http.ResponseWriter, r *http.Reques
 w.Header().Set("Content-Type", "application/json")
 if err := encoder.Encode(Response{
- TokenEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/token",
- AuthorizationEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/authorize",
- JwksURI: h.cfg.Jwt.Issuer + "/.well-known/jwks.json",
- Issuer: h.cfg.Jwt.Issuer,
- EndSessionEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/logout",
+ TokenEndpoint: h.cfg.Uri + "/api/v1/oauth/token",
+ AuthorizationEndpoint: h.cfg.Uri + "/api/v1/oauth/authorize",
+ JwksURI: h.cfg.Uri + "/.well-known/jwks.json",
+ Issuer: h.cfg.Uri,
+ EndSessionEndpoint: h.cfg.Uri + "/api/v1/oauth/logout",
 }); err != nil {
 web.Error(w, "failed to encode response", http.StatusInternalServerError)
 }
diff --git a/internal/oauth/token.go b/internal/oauth/token.go
index dc8f6fb..0384efa 100644
--- a/internal/oauth/token.go
+++ b/internal/oauth/token.go
@@ -91,7 +91,7 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 Nonce: nonce,
 Roles: roles,
 RegisteredClaims: jwt.RegisteredClaims{
- Issuer: h.cfg.Jwt.Issuer,
+ Issuer: h.cfg.Uri,
 // TODO: use dedicated API id that is in local DB and bind to user there
 Subject: user.ID.String(),
 Audience: jwt.ClaimStrings{clientId},
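Review bot: All five fields of the Response literal are built by concatenating `h.cfg.Uri` with a path, so a `GUARD_URI` written with a trailing slash (a common way to spell a base URL) yields endpoints like `http://host//api/v1/oauth/token` and an `Issuer` value that differs by one character from what discovery clients will compare, byte for byte, against the `iss` claim signed elsewhere. Normalize once at the top of the literal's scope, `base := strings.TrimSuffix(h.cfg.Uri, "/")`, and use `base` for the five fields (adding a `strings` import if the file lacks one), or better, normalize and validate the value where the config is loaded so tokens and discovery can never diverge. Nothing checks the scheme either; if this serves production, requiring `https` at the config layer is worth considering. The rest of OpenIdConfiguration lies outside the hunk.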