From c6a49a8437a01828f13c66306178b5be4f698dfb Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 2 Apr 2021 12:06:17 -0700
Subject: [PATCH] User JWT's now have nbf field in claims set in seconds

---
 json-api/src/auth.rs | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/json-api/src/auth.rs b/json-api/src/auth.rs
index d8ae090..e05c2cc 100644
--- a/json-api/src/auth.rs
+++ b/json-api/src/auth.rs
@@ -25,6 +25,7 @@ lazy_static! {
 struct Claim {
     sub: db::UBigInt, // user id
     exp: db::BigInt, // expiry date
+    nbf: i64,
     cookie: String, // unique cookie value
 }
@@ -32,14 +33,21 @@ impl Claim {
     pub fn new(id: db::UBigInt) -> Claim {
         // JWT's expire every 48 hours
-        let now = (SystemTime::now() + Duration::from_secs(60 * 60 * 48))
+        let now = SystemTime::now();
+        let exp = (now + Duration::from_secs(60 * 60 * 48))
             .duration_since(UNIX_EPOCH)
-            .expect("System time fetch failed")
-            .as_millis() as i64;
+            .expect("System time conversion failed")
+            .as_secs() as i64;
+
+        let nbf = now
+            .duration_since(UNIX_EPOCH)
+            .expect("System time conversion failed")
+            .as_secs() as i64;
         Claim {
             sub: id,
-            exp: now,
+            exp,
+            nbf,
             cookie: generate_cookie()
         }
     }
@@ -120,9 +128,8 @@ async fn valid_jwt(token: &str) -> AuthReason {
     let now = SystemTime::now()
         .duration_since(UNIX_EPOCH)
         .expect("System time fetch failed")
-        .as_millis() as i64;
+        .as_secs() as i64;
-    // subject used for querying speed NOT security
     let active = now < decoded.claims.exp;
     if active {
         AuthReason::Good
@@ -204,7 +211,7 @@ pub async fn wall_entry<'path, 'pool, 'params>(
     }
 }
-pub async fn login_get_jwt(p: &Pool, response: &mut hyper::Response, params: HashMap) {
+pub async fn login_get_jwt(response: &mut hyper::Response, params: HashMap) {
     // Login data has already been validated at this point
     // Required data such as 'id' and 'secret' are there and validated
     use jsonwebtoken::{
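Review bot: `nbf` is typed as a bare `i64` while the neighbouring `exp` uses `db::BigInt`, and it is the only `Claim` field without a trailing comment, so a reader cannot tell its unit or meaning from the struct alone. I would write `nbf: db::BigInt, // not-before, seconds since UNIX epoch` — `db::BigInt` is presumably an `i64` alias, since `Claim::new` assigns an `as i64` value to `exp`, but this hunk does not show its definition. Since this commit also changes `exp` from milliseconds to seconds, the `exp` comment should state the unit too, e.g. `exp: db::BigInt, // expiry, seconds since UNIX epoch`.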
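Review bot: `now.duration_since(UNIX_EPOCH)` with its `expect` is evaluated twice in `Claim::new`, once inside the `exp` chain and once for `nbf`, although both describe the same instant; computing the issuance time once, `let nbf = now.duration_since(UNIX_EPOCH).expect("System time conversion failed").as_secs() as i64;` followed by `let exp = nbf + 60 * 60 * 48;`, removes the duplicate and makes the `exp`/`nbf` relationship explicit. The `60 * 60 * 48` literal deserves a named constant such as `JWT_LIFETIME_SECS`, with the "48 hours" comment moved onto it. Setting `nbf` to the exact issuance second leaves no tolerance for clock skew if a token is ever validated on a host other than the issuer; if that is a deployment possibility, leeway at validation time is the usual answer. `Claim::new` is shown in full, but the enclosing `impl Claim` block starts and ends outside the hunk.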
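Review bot: the new `nbf` claim is never checked in `valid_jwt` — after this hunk the only time check is still `now < decoded.claims.exp` — so the field has no effect on acceptance unless the `decode` call earlier in the function (outside this hunk) passes a `Validation` with `validate_nbf` enabled; jsonwebtoken validates `exp` by default but `nbf` only when asked. The unit change also has a migration consequence: tokens minted before this commit carry `exp` in milliseconds, roughly a thousand times larger than the seconds-based `now`, so `now < exp` keeps accepting them indefinitely instead of letting them lapse within 48 hours; rotating the signing secret when this is deployed, or rejecting any `exp` beyond `now + 48h`, closes that window. A comment here that `now` and `Claim::exp` must agree on units would help, since the two conversions live in different functions. `valid_jwt` begins and ends outside the hunk.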
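Review bot: removing `p: &Pool` from `login_get_jwt` is a signature change unrelated to the `nbf` work in the subject line, and the commit message does not explain it; every caller has to be updated, and the reader is left to guess whether the handler stopped needing the database or reaches the pool some other way. A sentence in the message, or a separate commit, would make the intent reviewable. The function body continues outside the hunk.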