From 9592e59f76e1598281724f930f26a0ae81ef387a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 17 Aug 2024 17:58:40 +0600
Subject: [PATCH] api/jwt: fix timestamp to match the spec

---
 api/src/security/jwt.js    | 6 +++---
 web/src/lib/api/session.ts | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/security/jwt.js b/api/src/security/jwt.js
index d14f6a75..e920e444 100644
--- a/api/src/security/jwt.js
+++ b/api/src/security/jwt.js
@@ -12,7 +12,7 @@ const makeHmac = (header, payload) =>
         .digest("base64url");
 
 export const generate = () => {
-    const exp = new Date().getTime() + env.jwtLifetime * 1000;
+    const exp = Math.floor(new Date().getTime() / 1000) + env.jwtLifetime;
 
     const header = toBase64URL(JSON.stringify({
         alg: "HS256",
@@ -20,7 +20,7 @@ export const generate = () => {
     }));
 
     const payload = toBase64URL(JSON.stringify({
-        jti: nanoid(3),
+        jti: nanoid(8),
         exp,
     }));
 
@@ -34,7 +34,7 @@ export const generate = () => {
 
 export const verify = (jwt) => {
     const [header, payload, signature] = jwt.split(".", 3);
-    const timestamp = new Date().getTime();
+    const timestamp = Math.floor(new Date().getTime() / 1000);
 
     if ([header, payload, signature].join('.') !== jwt) {
         return false;
diff --git a/web/src/lib/api/session.ts b/web/src/lib/api/session.ts
index 829c3f8d..8f616d17 100644
--- a/web/src/lib/api/session.ts
+++ b/web/src/lib/api/session.ts
@@ -42,7 +42,7 @@ export const requestSession = async() => {
 }
 
 export const getSession = async () => {
-    const currentTime = new Date().getTime();
+    const currentTime = Math.floor(new Date().getTime() / 1000);
     const cache = get(cachedSession);
 
     if (cache?.token && cache?.exp > currentTime) {