From 98c64fc0d56dc542beb31c75f4b9056d91de03cd Mon Sep 17 00:00:00 2001
From: Janis <janis-e@gmx.de>
Date: Wed, 17 Jun 2026 09:10:01 +0200
Subject: [PATCH] fix(official-bots): configure JWT verification (#72)

The official-bots service enabled smallrye-jwt but never set
mp.jwt.verify.publickey.location or issuer, so it could not validate
any incoming token and rejected every authenticated request with 401.

Add the verify public key (issuer nowchess) mirroring tournament/core,
and ship keys/public.pem from the shared keypair.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Reviewed-on: https://git.janis-eccarius.de/NowChess/NowChessSystems/pulls/72
---
 modules/official-bots/src/main/resources/application.yml | 6 ++++++
 modules/official-bots/src/main/resources/keys/public.pem | 9 +++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 modules/official-bots/src/main/resources/keys/public.pem

diff --git a/modules/official-bots/src/main/resources/application.yml b/modules/official-bots/src/main/resources/application.yml
index cf77b52..1d642d2 100644
--- a/modules/official-bots/src/main/resources/application.yml
+++ b/modules/official-bots/src/main/resources/application.yml
@@ -12,6 +12,12 @@ quarkus:
     enabled: true
   log:
     level: INFO
+  mp:
+    jwt:
+      verify:
+        publickey:
+          location: ${JWT_PUBLIC_KEY_PATH:keys/public.pem}
+        issuer: nowchess
 
 nowchess:
   redis:
diff --git a/modules/official-bots/src/main/resources/keys/public.pem b/modules/official-bots/src/main/resources/keys/public.pem
new file mode 100644
index 0000000..6b6b842
--- /dev/null
+++ b/modules/official-bots/src/main/resources/keys/public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDsnsCAl0vQx7Vu9CLDZ
+g0SG05NgUzu9T+3DTEaHGq60T2uriO8BenwyvsF3BnDqTbKf4voohZ1DNfzdbT1J
+Fj8B62FrDmxcO+sp1/b5HUCJP6y2uSRCmzOHe5k7Pk1IEi72FgBpKXSRkFibRlVf
+634g7mgsPZAQ9PJEsv4Qvm05T9L6+Gmq6N3bMVLKRXs4RhDhaFbYH9GtUg1eI0yH
+YjGyRfqzW/nqVMstOLHt8CuPouq4p7eMzeDH3YHkxPm4GG5foCXMOd2DZrW0SCcr
+7dhFeNVWzQ2m53eOhBzNQX+v3pgjVStsePhBRt2LyGfwkNzmqDgqWsMzSHRMY+cn
+WQIDAQAB
+-----END PUBLIC KEY-----