Unverified Commit f26b6308 authored by Marius van der Wijden's avatar Marius van der Wijden Committed by GitHub

node: set JWT expiry to 60 seconds (#25416)

* node: set JWT expiry to 60 seconds

* node: rename var
parent c02b0488
...@@ -24,6 +24,8 @@ import ( ...@@ -24,6 +24,8 @@ import (
"github.com/golang-jwt/jwt/v4" "github.com/golang-jwt/jwt/v4"
) )
const jwtExpiryTimeout = 60 * time.Second
type jwtHandler struct { type jwtHandler struct {
keyFunc func(token *jwt.Token) (interface{}, error) keyFunc func(token *jwt.Token) (interface{}, error)
next http.Handler next http.Handler
...@@ -68,9 +70,9 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) { ...@@ -68,9 +70,9 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) {
http.Error(out, "token is expired", http.StatusForbidden) http.Error(out, "token is expired", http.StatusForbidden)
case claims.IssuedAt == nil: case claims.IssuedAt == nil:
http.Error(out, "missing issued-at", http.StatusForbidden) http.Error(out, "missing issued-at", http.StatusForbidden)
case time.Since(claims.IssuedAt.Time) > 5*time.Second: case time.Since(claims.IssuedAt.Time) > jwtExpiryTimeout:
http.Error(out, "stale token", http.StatusForbidden) http.Error(out, "stale token", http.StatusForbidden)
case time.Until(claims.IssuedAt.Time) > 5*time.Second: case time.Until(claims.IssuedAt.Time) > jwtExpiryTimeout:
http.Error(out, "future token", http.StatusForbidden) http.Error(out, "future token", http.StatusForbidden)
default: default:
handler.next.ServeHTTP(out, r) handler.next.ServeHTTP(out, r)
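Review bot: The new constant at `const jwtExpiryTimeout = 60 * time.Second` has no comment, and its name suggests it governs token expiry, while the `exp` claim is rejected separately ("token is expired" in the first hunk) and this value only bounds how far the `iat` claim may sit from the local clock in either direction. Since widening it from 5s to 60s also lengthens the window in which a captured token can be replayed, the trade-off deserves stating at the declaration: `// jwtExpiryTimeout bounds how far a token's iat claim may be from the local clock, past or future; it is a clock-skew allowance, and also the window in which a captured token remains replayable, so keep it as small as deployments tolerate.` A name such as `jwtIssuedAtTolerance` would match what the two checks in the second hunk actually compare against. ServeHTTP's body starts and ends outside the hunk.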
......
...@@ -356,11 +356,11 @@ func TestJWT(t *testing.T) { ...@@ -356,11 +356,11 @@ func TestJWT(t *testing.T) {
expFail := []func() string{ expFail := []func() string{
// future // future
func() string { func() string {
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 6})) return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + int64(jwtExpiryTimeout.Seconds()) + 1}))
}, },
// stale // stale
func() string { func() string {
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 6})) return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - int64(jwtExpiryTimeout.Seconds()) - 1}))
}, },
// wrong algo // wrong algo
func() string { func() string {
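Review bot: The "future" failure case issues a token with `time.Now().Unix() + int64(jwtExpiryTimeout.Seconds()) + 1`, which leaves only one second of slack: if more than a second elapses between issuing the token and the handler's `time.Until` check, the token falls inside the 60s window and this expected-failure case passes instead, so the test can flake on a slow or loaded CI host (the old `+ 6` against a 5s window had the same margin). The stale case is safe because time only moves forward. A wider margin on the future case, e.g. `time.Now().Unix() + 2*int64(jwtExpiryTimeout.Seconds())`, keeps the test deterministic without weakening it. It is not visible in the hunk whether a just-inside-window success case (iat at ±59s) exists elsewhere in TestJWT; if not, one would pin the new tolerance. TestJWT starts before and continues after this hunk.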
......