diff --git a/api/src/security/jwt.js b/api/src/security/jwt.js
index d14f6a75..e920e444 100644
--- a/api/src/security/jwt.js
+++ b/api/src/security/jwt.js
@@ -12,7 +12,7 @@ const makeHmac = (header, payload) =>
   .digest("base64url");
 export const generate = () => {
-  const exp = new Date().getTime() + env.jwtLifetime * 1000;
+  const exp = Math.floor(new Date().getTime() / 1000) + env.jwtLifetime;
   const header = toBase64URL(JSON.stringify({
     alg: "HS256",
@@ -20,7 +20,7 @@ export const generate = () => {
   }));
   const payload = toBase64URL(JSON.stringify({
-    jti: nanoid(3),
+    jti: nanoid(8),
     exp,
   }));
@@ -34,7 +34,7 @@ export const generate = () => {
 export const verify = (jwt) => {
   const [header, payload, signature] = jwt.split(".", 3);
-  const timestamp = new Date().getTime();
+  const timestamp = Math.floor(new Date().getTime() / 1000);
   if ([header, payload, signature].join('.') !== jwt) {
     return false;
diff --git a/web/src/lib/api/session.ts b/web/src/lib/api/session.ts
index 829c3f8d..8f616d17 100644
--- a/web/src/lib/api/session.ts
+++ b/web/src/lib/api/session.ts
@@ -42,7 +42,7 @@ export const requestSession = async() => {
 }
 export const getSession = async () => {
-  const currentTime = new Date().getTime();
+  const currentTime = Math.floor(new Date().getTime() / 1000);
   const cache = get(cachedSession);
   if (cache?.token && cache?.exp > currentTime) {
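Review bot: The unit of `env.jwtLifetime` is now load-bearing on the changed `exp` line — it is added straight to a seconds-based timestamp, so a deployment whose config value was ever expressed in milliseconds would silently mint tokens valid ~1000× longer, and nothing in the hunk states the contract. A comment pins it: `// exp is a NumericDate (seconds since epoch, RFC 7519 §4.1.4); env.jwtLifetime is in seconds`. `Math.floor(Date.now() / 1000)` expresses the same value more plainly than `new Date().getTime()`. Emitting an `iat` claim next to `exp` would also let the verifier bound token age independently of the configured lifetime; `generate` continues past the hunk.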
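Review bot: `nanoid(8)` yields about 48 bits of identifier, which is marginal if `jti` is compared against a server-side replay or revocation store — with nanoid's 64-symbol alphabet a collision becomes likely after roughly 2^24 (~16M) issued tokens, and since the visible payload carries only `jti` and `exp` (no `sub`), `jti` is the only thing distinguishing one token from another. The default `nanoid()` (21 chars, ~126 bits) costs a few extra bytes in a base64url payload and removes the question: `jti: nanoid(),`. If `jti` is instead only meant to make tokens minted in the same second differ, say so where the claim is set, e.g. `// jti only disambiguates tokens issued in the same second; it is not a revocation key`. Whether a store exists is not visible in this hunk.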
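Review bot: Tokens minted before this change carry a millisecond `exp`, and against the new seconds-based `timestamp` those values read as thousands of years in the future, so every previously issued token stays valid until the HMAC secret is rotated (the `exp` comparison itself sits below the hunk). Either rotate the signing key with this deploy or reject implausible expiries in `verify` after the payload is decoded, e.g. `if (typeof exp !== "number" || exp > timestamp + env.jwtLifetime) return false;` — no legitimately issued token can expire later than now plus the configured lifetime. Separately, `jwt.split(".", 3)` on the line above the change throws a TypeError for a non-string input instead of returning false; a guard `if (typeof jwt !== "string") return false;` at the top keeps the function's contract. The signature comparison is outside the hunk; if it is a plain `===`, `crypto.timingSafeEqual` on equal-length buffers is the usual replacement.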
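Review bot: The freshness check `cache?.exp > currentTime` now compares seconds, but it trusts the browser clock and treats a token with one second left as usable, so a request can still reach the server after its `verify` has already rejected the token. A small margin, `cache?.exp > currentTime + 5`, makes the client refresh slightly early instead; the server-side check remains the authoritative one and this cache test should be documented as a convenience, e.g. `// client-side pre-check only; the API re-validates exp`. `Math.floor(Date.now() / 1000)` is the idiomatic spelling of the changed line. `getSession` continues past the hunk, so where `cache.exp` originates is not visible here.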