Remove sensitive data from JWT and add expiry

2026-01-30 18:25:41 +01:00 · 2022-01-16 02:11:51 +01:00
parent 95512462f6
commit b1dd3012fd
1 changed files with 11 additions and 8 deletions
--- a/lib/tokens/jwt.go
+++ b/lib/tokens/jwt.go
@@ -1,25 +1,28 @@
 package tokens

 import (
+	"time"
+
 	"github.com/bumi/lndhub.go/db/models"
 	"github.com/dgrijalva/jwt-go"
 )

 type jwtCustomClaims struct {
-	ID    int64  `json:"id"`
-	Email string `json:"email"`
-	Login string `json:"login"`
+	ID int64 `json:"id"`

 	jwt.StandardClaims
 }

 // GenerateAccessToken : Generate Access Token
 func GenerateAccessToken(u *models.User) (string, error) {
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwtCustomClaims{
-		ID:    u.ID,
-		Email: u.Email.String,
-		Login: u.Login,
-	})
+	claims := &jwtCustomClaims{
+		u.ID,
+		jwt.StandardClaims{
+			// one week expiration
+			ExpiresAt: time.Now().Add(time.Hour * 27 * 7).Unix(),
+		},
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

 	t, err := token.SignedString([]byte("secret"))
 	if err != nil {