From b1dd3012fd0eaadb61ba8c2c30b4a1845b4a80de Mon Sep 17 00:00:00 2001
From: Michael Bumann
Date: Sun, 16 Jan 2022 02:11:51 +0100
Subject: [PATCH] Remove sensitive data from JWT and add expiry

---
 lib/tokens/jwt.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/lib/tokens/jwt.go b/lib/tokens/jwt.go
index 47507ff..2b55b1a 100644
--- a/lib/tokens/jwt.go
+++ b/lib/tokens/jwt.go
@@ -1,25 +1,28 @@
 package tokens
 
 import (
+	"time"
+
 	"github.com/bumi/lndhub.go/db/models"
 	"github.com/dgrijalva/jwt-go"
 )
 
 type jwtCustomClaims struct {
-	ID int64 `json:"id"`
-	Email string `json:"email"`
-	Login string `json:"login"`
+	ID int64 `json:"id"`
 	jwt.StandardClaims
 }
 
 // GenerateAccessToken : Generate Access Token
 func GenerateAccessToken(u *models.User) (string, error) {
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwtCustomClaims{
-		ID: u.ID,
-		Email: u.Email.String,
-		Login: u.Login,
-	})
+	claims := &jwtCustomClaims{
+		u.ID,
+		jwt.StandardClaims{
+			// one week expiration
+			ExpiresAt: time.Now().Add(time.Hour * 27 * 7).Unix(),
+		},
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	t, err := token.SignedString([]byte("secret"))
 	if err != nil {