Allow custom JWT service expiry times

2025-12-20 02:00:11 -08:00 · 2020-04-15 20:09:51 +10:00 · 2020-04-15 20:09:51 +10:00 · 9b998a7582
commit 9b998a7582
parent 0bbb5d121d
4 changed files with 36 additions and 14 deletions
--- a/irc/handlers.go
+++ b/irc/handlers.go
@ -922,7 +922,6 @@ func extjwtHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Re
 	}

 	claims := jwt.MapClaims{
-		"exp":     time.Now().Unix() + expireInSeconds,
 		"iss":     server.name,
 		"sub":     client.Nick(),
 		"account": accountName,
@ -945,8 +944,6 @@ func extjwtHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Re
 		}
 	}

-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-
 	// we default to a secret of `*`. if you want a real secret setup a service in the config~
 	service := "*"
 	secret := "*"
@ -954,14 +951,19 @@ func extjwtHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Re
 		service = strings.ToLower(msg.Params[1])

 		c := server.Config()
-		var exists bool
-		secret, exists = c.Server.JwtServices[service]
+		info, exists := c.Server.JwtServices[service]
 		if !exists {
 			rb.Add(nil, server.name, "FAIL", "EXTJWT", "NO_SUCH_SERVICE", client.t("No such service"))
 			return false
 		}
+		secret = info.Secret
+		if info.ExpiryInSeconds != 0 {
+			expireInSeconds = info.ExpiryInSeconds
+		}
 	}
+	claims["exp"] = time.Now().Unix() + expireInSeconds

+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	tokenString, err := token.SignedString([]byte(secret))

 	if err == nil {