From dab91eea298d81a2dbfabd1fbff3cb557855e66f Mon Sep 17 00:00:00 2001
From: William Petit
Date: Fri, 10 May 2019 13:44:29 +0200
Subject: [PATCH] Fix client token generation
- Set NotBefore timestamp one minute in the past to prevent false negative checks
- Set NotAfter timestamp 5 minutes to the future
---
 client/client.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/client/client.go b/client/client.go
index 3b6c1ee..5e7c097 100644
--- a/client/client.go
+++ b/client/client.go
@@ -9,7 +9,7 @@ import (
 "net/http"
 "time"
- "github.com/dgrijalva/jwt-go"
+ jwt "github.com/dgrijalva/jwt-go"
 peering "forge.cadoles.com/wpetit/go-http-peering"
 "forge.cadoles.com/wpetit/go-http-peering/crypto"
@@ -153,8 +153,8 @@ func (c *Client) addClientToken(r *http.Request, body []byte) error {
 token := jwt.NewWithClaims(jwt.SigningMethodRS256, peering.ClientTokenClaims{
 StandardClaims: jwt.StandardClaims{
- NotBefore: time.Now().Unix(),
- ExpiresAt: time.Now().Add(time.Minute * 10).Unix(),
+ NotBefore: time.Now().Add(time.Minute * -1).Unix(),
+ ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),
 },
 BodySum: bodySum,
 })
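Review bot: In the second hunk (`addClientToken`) the two claims are derived from separate `time.Now()` reads and inline magic offsets, so the effective validity window (six minutes, counting the backdated `NotBefore`) is not stated anywhere as policy; I would read the clock once and write `now := time.Now()`, `NotBefore: now.Add(-time.Minute).Unix(),` and `ExpiresAt: now.Add(5 * time.Minute).Unix(),`, ideally with the two durations as named constants. The claims visible here are only `NotBefore`, `ExpiresAt` and `BodySum`, so unless the verifier (not shown) tracks something else, a captured token presumably remains acceptable for any request carrying the same body until it expires; setting `IssuedAt` and a random `Id` from `jwt.StandardClaims` would let the server bound token age and reject duplicates. Clock-skew tolerance is usually better expressed as leeway on the verifying side than by backdating on every client, so a short comment above the claims saying why the minute is subtracted would help the next reader. The function body starts above and continues below this hunk.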