From eb0c91b62ae10cbf8b6c787313855a9efd63f2f0 Mon Sep 17 00:00:00 2001
From: Santo Cariotti
Date: Sat, 10 Sep 2022 11:29:23 +0200
Subject: Check expiration before sending claims
---
src/models/auth.rs | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'src/models')
diff --git a/src/models/auth.rs b/src/models/auth.rs
index 0c860df..36a0175 100644
--- a/src/models/auth.rs
+++ b/src/models/auth.rs
@@ -101,6 +101,12 @@ where
let token_data = decode::(bearer.token(), &KEYS.decoding, &Validation::default())
.map_err(|_| AppError::InvalidToken)?;
+ let now = Local::now().timestamp() as usize;
+
+ if token_data.claims.exp < now {
+ return Err(AppError::InvalidToken);
+ }
+
Ok(token_data.claims)
}
}
--
cgit v1.2.3-71-g8e6c
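Review bot: The cast in `Local::now().timestamp() as usize` converts an `i64` without checking it, so on a 32-bit target it truncates and a negative clock value wraps to a huge number; a checked conversion that fails closed is safer: `let now = usize::try_from(Local::now().timestamp()).map_err(|_| AppError::InvalidToken)?;`. Separately, the manual `exp` comparison appears to overlap with what `decode` already does: assuming this is `jsonwebtoken::decode`, `Validation::default()` enables expiry validation, and in recent versions of that crate it applies a default leeway. If the goal is a strict cutoff with no leeway, setting `leeway = 0` on the `Validation` value passed to `decode` keeps the expiry policy in one place instead of splitting it between the library and this hand-written test. The enclosing function starts above the hunk, so the type of `claims.exp` and the origin of `decode` are inferred from the visible lines.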