From 98b08625108e4f97b88074f392535eed6726bd36 Mon Sep 17 00:00:00 2001
From: Mike Crute <mike@crute.us>
Date: Sun, 21 Nov 2021 20:55:25 -0800
Subject: Add admin claim to JWT for UI

---
 auth/jwt.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/auth/jwt.go b/auth/jwt.go
index c65cf39..8d5ddc3 100644
--- a/auth/jwt.go
+++ b/auth/jwt.go
@@ -117,6 +117,8 @@ func (m *JWTManager) CreateForUser(u *models.User) (string, *models.SessionKey,
 		Audience: jwt.Audience{m.Audience},
 		Expiry:   jwt.NewNumericDate(now.Add(m.TokenExpires)),
 		IssuedAt: jwt.NewNumericDate(now),
+	}).Claims(map[string]interface{}{
+		"admin": u.IsAdmin, // Advisory, for UI, the server must never trust this
 	}).CompactSerialize()
 
 	return j, pk, err
-- 
cgit v1.2.3