feat: move refresh identification strategy to aud claim

src/main/kotlin/online/danielstefani/paddy/security/dto/AuthenticationRequestDto.kt

@@ -10,6 +10,5 @@ https://www.emqx.io/docs/en/latest/access-control/authz/http.html
 data class AuthenticationRequestDto(
     val jwt: String,              // Expected to be a JWT
     val topic: String? = null,    // Topic that client wants to access
-    val refresh: Boolean = false  // Does this payload represent a refresh token request
 )
 

src/main/kotlin/online/danielstefani/paddy/security/http/HttpAuthenticationController.kt

@@ -7,6 +7,7 @@ import jakarta.ws.rs.Produces
 import jakarta.ws.rs.core.MediaType
 import online.danielstefani.paddy.security.AbstractAuthorizationController
 import online.danielstefani.paddy.jwt.JwtService
+import online.danielstefani.paddy.jwt.dto.JwtType
 import online.danielstefani.paddy.security.dto.AuthenticationRequestDto
 import online.danielstefani.paddy.security.dto.AuthenticationResultDto
 import org.jboss.resteasy.reactive.RestResponse
@@ -29,6 +30,8 @@ class HttpAuthenticationController(
         with(jwt.getJsonObject("payload")) {
             val sub = this.getString("sub") ?: "<missing sub claim>"
             val exp = this.getLong("exp") ?: 0
+            val aud = this.getString("aud") ?: ""
+            val isRefresh = aud == JwtType.REFRESH.audience
 
             // Check signature
             if (!jwtService.isJwtValid(authDto.jwt))
@@ -37,10 +40,8 @@ class HttpAuthenticationController(
             if (exp < Instant.now().epochSecond)
                 return forbid(authDto.jwt, sub)
 
-            return if (authDto.refresh)
-                    refresh(authDto.jwt, sub)
-                else
-                    allow(authDto.jwt, sub)
+            return if (isRefresh) refresh(authDto.jwt, sub)
+                else allow(authDto.jwt, sub)
         }
     }
 }