Skip to content

Commit

Permalink
node: set JWT expiry to 60 seconds (ethereum#25416)
Browse files Browse the repository at this point in the history
* node: set JWT expiry to 60 seconds

* node: rename var
  • Loading branch information
MariusVanDerWijden authored and jagdeep sidhu committed Aug 6, 2022
1 parent 3db4152 commit 7081018
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 4 deletions.
6 changes: 4 additions & 2 deletions node/jwt_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ import (
"github.com/golang-jwt/jwt/v4"
)

const jwtExpiryTimeout = 60 * time.Second

type jwtHandler struct {
keyFunc func(token *jwt.Token) (interface{}, error)
next http.Handler
Expand Down Expand Up @@ -68,9 +70,9 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) {
http.Error(out, "token is expired", http.StatusForbidden)
case claims.IssuedAt == nil:
http.Error(out, "missing issued-at", http.StatusForbidden)
case time.Since(claims.IssuedAt.Time) > 5*time.Second:
case time.Since(claims.IssuedAt.Time) > jwtExpiryTimeout:
http.Error(out, "stale token", http.StatusForbidden)
case time.Until(claims.IssuedAt.Time) > 5*time.Second:
case time.Until(claims.IssuedAt.Time) > jwtExpiryTimeout:
http.Error(out, "future token", http.StatusForbidden)
default:
handler.next.ServeHTTP(out, r)
Expand Down
4 changes: 2 additions & 2 deletions node/rpcstack_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -356,11 +356,11 @@ func TestJWT(t *testing.T) {
expFail := []func() string{
// future
func() string {
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + 6}))
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() + int64(jwtExpiryTimeout.Seconds()) + 1}))
},
// stale
func() string {
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - 6}))
return fmt.Sprintf("Bearer %v", issueToken(secret, nil, testClaim{"iat": time.Now().Unix() - int64(jwtExpiryTimeout.Seconds()) - 1}))
},
// wrong algo
func() string {
Expand Down

0 comments on commit 7081018

Please sign in to comment.