From e690a775fdac01649e974b09a8197ded4550fecb Mon Sep 17 00:00:00 2001
From: Zack Fu Zi Xiang
Date: Fri, 26 Jan 2024 13:45:57 +0800
Subject: [PATCH] feat: add token expiry check in token

---
 Cargo.lock | 7 ++++---
 libs/gotrue-entity/Cargo.toml | 1 +
 libs/gotrue-entity/src/gotrue_jwt.rs | 12 +++++++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index de9865a6..afd0f22a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1133,9 +1133,9 @@ checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e"
 [[package]]
 name = "chrono"
-version = "0.4.31"
+version = "0.4.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38"
+checksum = "9f13690e35a5e4ace198e7beea2895d29f3a9cc55015fcebe6336bd2010af9eb"
 dependencies = [
 "android-tzdata",
 "iana-time-zone",
@@ -1143,7 +1143,7 @@ dependencies = [
 "num-traits",
 "serde",
 "wasm-bindgen",
- "windows-targets 0.48.5",
+ "windows-targets 0.52.0",
 ]
 [[package]]
@@ -2249,6 +2249,7 @@ version = "0.1.0"
 dependencies = [
 "anyhow",
 "app-error",
+ "chrono",
 "jsonwebtoken",
 "lazy_static",
 "serde",
diff --git a/libs/gotrue-entity/Cargo.toml b/libs/gotrue-entity/Cargo.toml
index aae1a6a3..647dadaf 100644
--- a/libs/gotrue-entity/Cargo.toml
+++ b/libs/gotrue-entity/Cargo.toml
@@ -12,3 +12,4 @@ anyhow = "1.0.79"
 lazy_static = "1.4.0"
 jsonwebtoken = "8.3.0"
 app-error = { workspace = true, features = ["gotrue_error"] }
+chrono = "0.4.33"
diff --git a/libs/gotrue-entity/src/gotrue_jwt.rs b/libs/gotrue-entity/src/gotrue_jwt.rs
index 192c80eb..a8893a78 100644
--- a/libs/gotrue-entity/src/gotrue_jwt.rs
+++ b/libs/gotrue-entity/src/gotrue_jwt.rs
@@ -35,6 +35,16 @@ lazy_static::lazy_static! {
 impl GoTrueJWTClaims {
 pub fn verify(token: &str, secret: &[u8]) -> Result {
- Ok(decode(token, &DecodingKey::from_secret(secret), &VALIDATION)?.claims)
+ let claims = decode::(token, &DecodingKey::from_secret(secret), &VALIDATION)?.claims;
+
+ let ts_expiry = claims.exp.ok_or_else(|| {
+ jsonwebtoken::errors::ErrorKind::MissingRequiredClaim("expect exp but not found".to_owned())
+ })?;
+
+ let ts_now = chrono::Utc::now().timestamp();
+ match ts_now > ts_expiry {
+ true => Err(jsonwebtoken::errors::ErrorKind::ExpiredSignature.into()),
+ false => Ok(claims),
+ }
 }
 }
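Review bot: The hand-rolled `ts_now > ts_expiry` comparison added to `verify` duplicates what `jsonwebtoken`'s `Validation` already performs inside `decode` — `validate_exp` is on by default, `exp` is in `required_spec_claims`, and the configured `leeway` is applied — so it only changes behaviour if `VALIDATION` (defined in the `lazy_static!` block above this hunk, outside it) has switched that off, and in that case the fix belongs there: `validation.validate_exp = true;` together with `validation.set_required_spec_claims(&["exp"]);` (confirm the setter name against the pinned 8.3 API). As written the manual check applies no leeway at all, so a few seconds of clock skew between the GoTrue issuer and this service rejects freshly minted tokens that `decode` would accept, and `nbf` is still not checked. `MissingRequiredClaim` conventionally carries the claim name, i.e. `"exp".to_owned()`, rather than a sentence, which matters for any caller matching on the error payload. If the manual comparison is kept, `std::time::SystemTime::now().duration_since(UNIX_EPOCH)` gives the same epoch seconds without pulling `chrono` into this crate.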