From cb3ca6dd390572fb6096773ba1eccc2f0d20bbcb Mon Sep 17 00:00:00 2001
From: Gerard Guillemas Martos
Date: Tue, 12 Mar 2024 12:03:27 +0100
Subject: [PATCH] Add JWT ID claim to tokens issued by SurrealDB (#3651)
---
 core/src/iam/signin.rs | 5 +++++
 core/src/iam/signup.rs | 2 ++
 core/src/iam/token.rs | 6 ++++++
 3 files changed, 13 insertions(+)
diff --git a/core/src/iam/signin.rs b/core/src/iam/signin.rs
index 33b16435..c0a3cfe6 100644
--- a/core/src/iam/signin.rs
+++ b/core/src/iam/signin.rs
@@ -11,6 +11,7 @@ use crate::sql::Value;
 use chrono::{Duration, Utc};
 use jsonwebtoken::{encode, EncodingKey};
 use std::sync::Arc;
+use uuid::Uuid;
 pub async fn signin(
 kvs: &Datastore,
@@ -155,6 +156,7 @@ pub async fn sc(
 iat: Some(Utc::now().timestamp()),
 nbf: Some(Utc::now().timestamp()),
 exp,
+jti: Some(Uuid::new_v4().to_string()),
 ns: Some(ns.to_owned()),
 db: Some(db.to_owned()),
 sc: Some(sc.to_owned()),
@@ -228,6 +230,7 @@ pub async fn db(
 iat: Some(Utc::now().timestamp()),
 nbf: Some(Utc::now().timestamp()),
 exp,
+jti: Some(Uuid::new_v4().to_string()),
 ns: Some(ns.to_owned()),
 db: Some(db.to_owned()),
 id: Some(user),
@@ -281,6 +284,7 @@ pub async fn ns(
 iat: Some(Utc::now().timestamp()),
 nbf: Some(Utc::now().timestamp()),
 exp,
+jti: Some(Uuid::new_v4().to_string()),
 ns: Some(ns.to_owned()),
 id: Some(user),
 ..Claims::default()
@@ -332,6 +336,7 @@ pub async fn root(
 iat: Some(Utc::now().timestamp()),
 nbf: Some(Utc::now().timestamp()),
 exp,
+jti: Some(Uuid::new_v4().to_string()),
 id: Some(user),
 ..Claims::default()
 };
diff --git a/core/src/iam/signup.rs b/core/src/iam/signup.rs
index 3ad6555f..d316c55a 100644
--- a/core/src/iam/signup.rs
+++ b/core/src/iam/signup.rs
@@ -10,6 +10,7 @@ use crate::sql::Value;
 use chrono::{Duration, Utc};
 use jsonwebtoken::{encode, EncodingKey};
 use std::sync::Arc;
+use uuid::Uuid;
 pub async fn signup(
 kvs: &Datastore,
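Review bot: The `jti` added to the claims in signin.rs `sc` is generated and embedded, but nothing in this patch records or later checks it, so it labels a token without making it revocable or replay-detectable; a comment on the line should say so, e.g. `// jti: unique token ID (RFC 7519 §4.1.7); not persisted, so it does not by itself enable revocation`. The same line is added in the `db`, `ns` and `root` hunks of this file and in `sc` in signup.rs, so one private helper returning the ID would keep its format and randomness source in a single place. A v4 UUID is a random identifier rather than a secret and should not be relied on as one. Each of these claim builders starts and ends outside its hunk.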
@@ -73,6 +74,7 @@ pub async fn sc(
 iss: Some(SERVER_NAME.to_owned()),
 iat: Some(Utc::now().timestamp()),
 nbf: Some(Utc::now().timestamp()),
+jti: Some(Uuid::new_v4().to_string()),
 exp: Some(
 match sv.session {
 Some(v) => {
diff --git a/core/src/iam/token.rs b/core/src/iam/token.rs
index 58e2bfed..540b6cf3 100644
--- a/core/src/iam/token.rs
+++ b/core/src/iam/token.rs
@@ -18,6 +18,8 @@ pub struct Claims {
 pub exp: Option,
 #[serde(skip_serializing_if = "Option::is_none")]
 pub iss: Option,
+#[serde(skip_serializing_if = "Option::is_none")]
+pub jti: Option,
 #[serde(alias = "ns")]
 #[serde(alias = "NS")]
 #[serde(rename = "NS")]
@@ -86,6 +88,10 @@ impl From for Value {
 if let Some(exp) = v.exp {
 out.insert("exp".to_string(), exp.into());
 }
+// Add jti field if set
+if let Some(jti) = v.jti {
+out.insert("jti".to_string(), jti.into());
+}
 // Add NS field if set
 if let Some(ns) = v.ns {
 out.insert("NS".to_string(), ns.into());
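Review bot: The new `jti` field in `Claims` has no doc comment, and the `alias` attributes on the neighbouring fields only matter when deserializing, so this struct is presumably also filled from tokens presented to the server, where `jti` is whatever the issuer wrote. I would add above the field `/// JWT ID (RFC 7519 §4.1.7): unique per token issued here; issuer-controlled and not guaranteed unique on third-party tokens.` Any later revocation or replay check should therefore key on issuer plus `jti`, not on `jti` alone. The struct starts and ends outside the hunk.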
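Review bot: The new `if let Some(jti) = v.jti` branch, like the rest of the patch, comes without a test: the 13 insertions in the diffstat are all accounted for by the two imports, the field with its attribute, the five assignments and this conversion. A test that issues two tokens and asserts that both carry a `jti` and that the values differ would catch a call site that is later dropped or made constant, and a second should check that the converted `Value` contains `"jti"` only when the field is `Some`. The `From` impl starts and ends outside the hunk.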