feat: implement aud into payload

Bulletdev · Bulletdev · commit 386d619f2af5 · 2026-04-20T01:50:55.000-03:00
O gateway valida jwt.WithAudience("prostaff-riot-gateway") no source Go,  sem o aud no payload, rejeita sempre
  com 401 independente do secret estar correto
diff --git a/README.md b/README.md
@@ -1244,6 +1244,8 @@ JWT_SECRET_KEY=your-production-secret
 
 # External APIs
 RIOT_API_KEY=your-riot-api-key
+RIOT_GATEWAY_URL=http://riot-gateway:4444      # prostaff-riot-gateway internal URL
+INTERNAL_JWT_SECRET=your-internal-jwt-secret  # shared with prostaff-riot-gateway (must match)
 PANDASCORE_API_KEY=your-pandascore-api-key
 
 # Frontend
diff --git a/app/modules/riot_integration/services/riot_api_service.rb b/app/modules/riot_integration/services/riot_api_service.rb
@@ -95,7 +95,7 @@ def get(path)
   end
 
   def internal_jwt
-    payload = { service: 'prostaff-api', exp: 1.hour.from_now.to_i }
+    payload = { service: 'prostaff-api', aud: ['prostaff-riot-gateway'], exp: 1.hour.from_now.to_i }
     JWT.encode(payload, ENV.fetch('INTERNAL_JWT_SECRET'), 'HS256')
   end
 
