Skip to content

Commit

Permalink
Validate jwt token expiration
Browse files Browse the repository at this point in the history
  • Loading branch information
l7ssha committed Dec 14, 2024
1 parent ee11350 commit e9c51d8
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/src/web_app/jwt.dart
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ shelf.Middleware processJwt(List<JwtPermission> permissions) => (innerHandler) {
return createUnauthorizedResponse("Invalid jwt token");
}

if (claim.expiry?.isBefore(DateTime.now()) ?? true) {
return createUnauthorizedResponse("Token expired");
}

final permissions = Set.of(claim.payload['permissions'] ?? []);
if (!permissions.containsAll(permissionsIntValues)) {
return createForbiddenResponse("Missing permissions");
Expand Down

0 comments on commit e9c51d8

Please sign in to comment.