From d5118beb58e996045420ce591e7ed33ed60413f3 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Wed, 13 Mar 2024 18:44:09 -0400
Subject: [PATCH] refactor: allow purpose to be none
---
 account/jwt.go | 1 +
 api/middleware/middleware.go | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/account/jwt.go b/account/jwt.go
index ce67ed7..3c496c0 100644
--- a/account/jwt.go
+++ b/account/jwt.go
@@ -26,6 +26,7 @@ var (
 const (
 JWTPurposeLogin JWTPurpose = "login"
 JWTPurpose2FA JWTPurpose = "2fa"
+ JWTPurposeNone JWTPurpose = ""
 )
 func JWTGenerateToken(domain string, privateKey ed25519.PrivateKey, userID uint, purpose JWTPurpose) (string, error) {
diff --git a/api/middleware/middleware.go b/api/middleware/middleware.go
index 97a76e7..05ec632 100644
--- a/api/middleware/middleware.go
+++ b/api/middleware/middleware.go
@@ -104,9 +104,6 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
 if options.AuthContextKey == "" {
 options.AuthContextKey = DEFAULT_AUTH_CONTEXT_KEY
 }
- if options.Purpose == "" {
- panic("purpose is missing")
- }
 domain := options.Config.Config().Core.Domain
@@ -123,7 +123,7 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
 claim, err := account.JWTVerifyToken(authToken, domain, options.Identity, func(claim *jwt.RegisteredClaims) error {
 aud, _ := claim.GetAudience()
- if slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {
+ if options.Purpose != account.JWTPurposeNone && slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {
 return account.ErrJWTInvalid
 }
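Review bot: In the third hunk (api/middleware/middleware.go), `options.Purpose != account.JWTPurposeNone &&` makes the zero value of `Purpose` skip the audience check entirely, and the second hunk removes the `panic("purpose is missing")` that used to catch an unset field when the middleware was built, so a route that simply forgets to set `Purpose` now accepts a token issued for any purpose. If `JWTPurpose2FA` tokens are meant to be limited pre-authentication tokens (inferred from the name only), such a route would treat one as a full login. Consider making the opt-out explicit instead of the zero value, for example a separate boolean option that must be set to disable the check (hypothetical name `AllowAnyPurpose`), while still rejecting an empty `Purpose` otherwise. At minimum, document the constant in account/jwt.go with `// JWTPurposeNone disables the audience check in AuthMiddleware; tokens of any purpose are accepted.` The callback passed to `account.JWTVerifyToken` continues outside the hunk.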