From 5faf1825a6eeb1942f14504d87a5d7d5038fb2a2 Mon Sep 17 00:00:00 2001
From: Ingo Oppermann
Date: Fri, 21 Jul 2023 15:49:57 +0200
Subject: [PATCH] Remove unrequired fields from session token, parametrize TTL

---
 http/api/session.go | 1 +
 http/handler/api/session.go | 3 ++-
 iam/identity/identity.go | 8 +++-----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/http/api/session.go b/http/api/session.go
index cb5ef8d8..9a0bbd96 100644
--- a/http/api/session.go
+++ b/http/api/session.go
@@ -145,5 +145,6 @@ type SessionTokenRequest struct {
 Match string `json:"match"`
 Remote []string `json:"remote"`
 Extra map[string]interface{} `json:"extra"`
+ TTL int64 `json:"ttl_sec"`
 Token string `json:"token,omitempty"`
 }
diff --git a/http/handler/api/session.go b/http/handler/api/session.go
index 31427110..1af4689b 100644
--- a/http/handler/api/session.go
+++ b/http/handler/api/session.go
@@ -3,6 +3,7 @@ package api
 import (
 "net/http"
 "strings"
+ "time"
 
 "github.com/datarhei/core/v16/http/api"
 "github.com/datarhei/core/v16/http/handler/util"
@@ -124,7 +125,7 @@ func (s *SessionHandler) CreateToken(c echo.Context) error {
 "extra": req.Extra,
 }
 
- request[i].Token = identity.GetServiceSession(data)
+ request[i].Token = identity.GetServiceSession(data, time.Duration(req.TTL)*time.Second)
 }
 
 return c.JSON(http.StatusOK, request)
diff --git a/iam/identity/identity.go b/iam/identity/identity.go
index 8272e3e0..417d1a13 100644
--- a/iam/identity/identity.go
+++ b/iam/identity/identity.go
@@ -104,7 +104,7 @@ type Verifier interface {
 GetServiceBasicAuth() string
 GetServiceToken() string
 
- GetServiceSession(interface{}) string
+ GetServiceSession(interface{}, time.Duration) string
 
 IsSuperuser() bool
 }
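Review bot: The new `TTL` field in SessionTokenRequest carries no doc comment, so the only hint that the value is in seconds is the `ttl_sec` tag, and nothing says what an omitted (zero) value means. Suggest `// TTL is the requested lifetime of the issued token, in seconds.` above the field, and once the handler decides how zero and out-of-range values are treated, state that here too, since this struct is the public request shape.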
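Review bot: `req.TTL` reaches `identity.GetServiceSession` unchecked at `request[i].Token = identity.GetServiceSession(data, time.Duration(req.TTL)*time.Second)`, so a request that omits `ttl_sec` now yields a token whose `exp` equals `iat` (previously a fixed 10 minutes), a negative value yields one that is already expired, and an arbitrarily large value lets the client pick an effectively unlimited lifetime (and the multiplication by `time.Second` wraps int64 above roughly 9.2e9 seconds). Suggest bounding it in the handler before the call, `ttl := 10 * time.Minute` / `if req.TTL > 0 && req.TTL <= maxSessionTTLSeconds { ttl = time.Duration(req.TTL) * time.Second }` / `request[i].Token = identity.GetServiceSession(data, ttl)`, with `maxSessionTTLSeconds` a new package constant, or rejecting out-of-range values as a bad request instead of clamping. The same missing guard applies to `accessExpires := now.Add(ttl)` in the `@@ -440,7 +440,7 @@` hunk of iam/identity/identity.go, where a `ttl <= 0` fallback to the old default would also protect other implementers and callers of the Verifier interface, whose new `time.Duration` parameter is likewise undocumented. CreateToken begins and ends outside this hunk.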
@@ -427,7 +427,7 @@ func (i *identity) VerifyServiceSession(jwt string) (bool, interface{}, error) {
 return true, claims["data"], nil
 }
 
-func (i *identity) GetServiceSession(data interface{}) string {
+func (i *identity) GetServiceSession(data interface{}, ttl time.Duration) string {
 i.lock.RLock()
 defer i.lock.RUnlock()
 
@@ -440,7 +440,7 @@ func (i *identity) GetServiceSession(data interface{}) string {
 }
 
 now := time.Now()
- accessExpires := now.Add(time.Minute * 10)
+ accessExpires := now.Add(ttl)
 
 // Create access token
 accessToken := jwtgo.NewWithClaims(jwtgo.SigningMethodHS256, jwtgo.MapClaims{
@@ -448,8 +448,6 @@ func (i *identity) GetServiceSession(data interface{}) string {
 "sub": i.user.Name,
 "iat": now.Unix(),
 "exp": accessExpires.Unix(),
- "exi": uint64(accessExpires.Sub(now).Seconds()),
- "jti": uuid.New().String(),
 "data": data,
 })
 
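Review bot: Dropping `"jti"` from the claims leaves the service session token without a per-token identifier, so two requests with the same `sub`, `data` and `iat` second produce byte-identical tokens and there is no handle for per-token revocation or audit correlation. If no verifier consumes it that is an acceptable trade-off, but it should be recorded where the claims are built, e.g. `// No jti: service session tokens are not individually revocable; exp is the only bound.` above the `jwtgo.MapClaims{` literal. Removing `"exi"` is fine provided nothing outside this diff reads it; the only part of VerifyServiceSession visible here, in the `@@ -427,7 +427,7 @@` hunk, returns `claims["data"]`, but the rest of that function and any other consumers are outside the diff. GetServiceSession's body continues past this hunk.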