forked from cerc-io/plugeth
node: set JWT expiry to 60 seconds (#25416)
* node: set JWT expiry to 60 seconds * node: rename var
This commit is contained in:
parent
c02b0488fb
commit
f26b63089a
@ -24,6 +24,8 @@ import (
|
|||||||
"github.com/golang-jwt/jwt/v4"
|
"github.com/golang-jwt/jwt/v4"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const jwtExpiryTimeout = 60 * time.Second
|
||||||
|
|
||||||
type jwtHandler struct {
|
type jwtHandler struct {
|
||||||
keyFunc func(token *jwt.Token) (interface{}, error)
|
keyFunc func(token *jwt.Token) (interface{}, error)
|
||||||
next http.Handler
|
next http.Handler
|
||||||
@ -68,9 +70,9 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) {
|
|||||||
http.Error(out, "token is expired", http.StatusForbidden)
|
http.Error(out, "token is expired", http.StatusForbidden)
|
||||||
case claims.IssuedAt == nil:
|
case claims.IssuedAt == nil:
|
||||||
http.Error(out, "missing issued-at", http.StatusForbidden)
|
http.Error(out, "missing issued-at", http.StatusForbidden)
|
||||||
case time.Since(claims.IssuedAt.Time) > 5*time.Second:
|
case time.Since(claims.IssuedAt.Time) > jwtExpiryTimeout:
|
||||||
http.Error(out, "stale token", http.StatusForbidden)
|
http.Error(out, "stale token", http.StatusForbidden)
|
||||||
case time.Until(claims.IssuedAt.Time) > 5*time.Second:
|
case time.Until(claims.IssuedAt.Time) > jwtExpiryTimeout:
|
||||||
http.Error(out, "future token", http.StatusForbidden)
|
http.Error(out, "future token", http.StatusForbidden)
|
||||||
default:
|
default:
|
||||||
handler.next.ServeHTTP(out, r)
|
handler.next.ServeHTTP(out, r)
|
||||||
|
@ -356,11 +356,11 @@ func TestJWT(t *testing.T) {
|
|||||||
expFail := []func() string{
|
expFail := []func() string{
|
||||||
// future
|
// future
|
||||||
func() string {
|
func() string {
|
||||||
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 6}))
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + int64(jwtExpiryTimeout.Seconds()) + 1}))
|
||||||
},
|
},
|
||||||
// stale
|
// stale
|
||||||
func() string {
|
func() string {
|
||||||
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 6}))
|
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - int64(jwtExpiryTimeout.Seconds()) - 1}))
|
||||||
},
|
},
|
||||||
// wrong algo
|
// wrong algo
|
||||||
func() string {
|
func() string {
|
||||||
|
Loading…
Reference in New Issue
Block a user