chore(jwt): removed timestamps from JWT

ful1e5 · Nov 21, 2023 · d01d491 · d01d491
1 parent fb67632
commit d01d491
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/core/utils/token.py b/core/utils/token.py
@@ -50,7 +50,7 @@ def log_error(e):
         logger.error(e) if logger else None
 
     try:
-        payload = jwt.decode(token, SECRET, algorithms=["HS256"], leeway=10)
+        payload = jwt.decode(token, SECRET, algorithms=["HS256"])
         auth = as_token(payload)
         if auth:
             return auth

diff --git a/src/utils/auth/token.ts b/src/utils/auth/token.ts
@@ -8,12 +8,12 @@ import { JWTToken } from 'bibata/misc';
 const SECRET_KEY = process.env.NEXT_PUBLIC_JWT_SECRET;
 export const genAccessToken = (user?: User) => {
   const token_id = v4();
-  const iat = Math.floor(Date.now() / 1000);
-  let payload = { iat, token_id, role: 'ANONYMOUS' };
-  if (user) payload = { iat, token_id, ...user };
+  let payload = { token_id, role: 'ANONYMOUS' };
+  if (user) payload = { token_id, ...user };
 
   const token = jwt.sign(payload, process.env.NEXT_PUBLIC_JWT_SECRET, {
-    algorithm: 'HS256'
+    algorithm: 'HS256',
+    noTimestamp: true
   });
 
   return {