User JWT's now have nbf field in claims set in seconds

json-api/src/auth.rs

@@ -25,6 +25,7 @@ lazy_static! {
 struct Claim {
     sub: db::UBigInt, // user id
     exp: db::BigInt, // expiry date
+    nbf: i64,
     cookie: String,  // unique cookie value
 }
 
@@ -32,14 +33,21 @@ impl Claim {
     pub fn new(id: db::UBigInt) -> Claim {
         
         // JWT's expire every 48 hours
-        let now = (SystemTime::now() + Duration::from_secs(60 * 60 * 48))
+        let now = SystemTime::now();
+        let exp = (now + Duration::from_secs(60 * 60 * 48))
             .duration_since(UNIX_EPOCH)
-            .expect("System time fetch failed")
-            .as_millis() as i64;
+            .expect("System time conversion failed")
+            .as_secs() as i64;
+
+        let nbf = now
+            .duration_since(UNIX_EPOCH)
+            .expect("System time conversion failed")
+            .as_secs() as i64;
 
         Claim {
             sub: id,
-            exp: now,
+            exp,
+            nbf,
             cookie: generate_cookie()
         }
     }
@@ -120,9 +128,8 @@ async fn valid_jwt(token: &str)  -> AuthReason {
         let now = SystemTime::now()
             .duration_since(UNIX_EPOCH)
             .expect("System time fetch failed")
-            .as_millis() as i64;
+            .as_secs() as i64;
 
-        // subject used for querying speed NOT security
         let active = now < decoded.claims.exp;
         if active {
             AuthReason::Good
@@ -204,7 +211,7 @@ pub async fn wall_entry<'path, 'pool, 'params>(
     }
 }
 
-pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response<hyper::Body>, params: HashMap<String, String>) {
+pub async fn login_get_jwt(response: &mut hyper::Response<hyper::Body>, params: HashMap<String, String>) {
     // Login data has already been validated at this point
     // Required data such as 'id' and 'secret' are there and validated
     use jsonwebtoken::{