Add JWT ID claim to tokens issued by SurrealDB (#3651)

2024-03-12 12:03:27 +01:00 · 2024-03-12 12:03:27 +01:00 · cb3ca6dd39
commit cb3ca6dd39
parent 2fe4f352be
3 changed files with 13 additions and 0 deletions
--- a/core/src/iam/signin.rs
+++ b/core/src/iam/signin.rs
@ -11,6 +11,7 @@ use crate::sql::Value;
 use chrono::{Duration, Utc};
 use jsonwebtoken::{encode, EncodingKey};
 use std::sync::Arc;
+use uuid::Uuid;

 pub async fn signin(
 	kvs: &Datastore,
@ -155,6 +156,7 @@ pub async fn sc(
 									iat: Some(Utc::now().timestamp()),
 									nbf: Some(Utc::now().timestamp()),
 									exp,
+									jti: Some(Uuid::new_v4().to_string()),
 									ns: Some(ns.to_owned()),
 									db: Some(db.to_owned()),
 									sc: Some(sc.to_owned()),
@ -228,6 +230,7 @@ pub async fn db(
 				iat: Some(Utc::now().timestamp()),
 				nbf: Some(Utc::now().timestamp()),
 				exp,
+				jti: Some(Uuid::new_v4().to_string()),
 				ns: Some(ns.to_owned()),
 				db: Some(db.to_owned()),
 				id: Some(user),
@ -281,6 +284,7 @@ pub async fn ns(
 				iat: Some(Utc::now().timestamp()),
 				nbf: Some(Utc::now().timestamp()),
 				exp,
+				jti: Some(Uuid::new_v4().to_string()),
 				ns: Some(ns.to_owned()),
 				id: Some(user),
 				..Claims::default()
@ -332,6 +336,7 @@ pub async fn root(
 				iat: Some(Utc::now().timestamp()),
 				nbf: Some(Utc::now().timestamp()),
 				exp,
+				jti: Some(Uuid::new_v4().to_string()),
 				id: Some(user),
 				..Claims::default()
 			};
--- a/core/src/iam/signup.rs
+++ b/core/src/iam/signup.rs
@ -10,6 +10,7 @@ use crate::sql::Value;
 use chrono::{Duration, Utc};
 use jsonwebtoken::{encode, EncodingKey};
 use std::sync::Arc;
+use uuid::Uuid;

 pub async fn signup(
 	kvs: &Datastore,
@ -73,6 +74,7 @@ pub async fn sc(
 									iss: Some(SERVER_NAME.to_owned()),
 									iat: Some(Utc::now().timestamp()),
 									nbf: Some(Utc::now().timestamp()),
+									jti: Some(Uuid::new_v4().to_string()),
 									exp: Some(
 										match sv.session {
 											Some(v) => {
--- a/core/src/iam/token.rs
+++ b/core/src/iam/token.rs
@ -18,6 +18,8 @@ pub struct Claims {
 	pub exp: Option<i64>,
 	#[serde(skip_serializing_if = "Option::is_none")]
 	pub iss: Option<String>,
+	#[serde(skip_serializing_if = "Option::is_none")]
+	pub jti: Option<String>,
 	#[serde(alias = "ns")]
 	#[serde(alias = "NS")]
 	#[serde(rename = "NS")]
@ -86,6 +88,10 @@ impl From<Claims> for Value {
 		if let Some(exp) = v.exp {
 			out.insert("exp".to_string(), exp.into());
 		}
+		// Add jti field if set
+		if let Some(jti) = v.jti {
+			out.insert("jti".to_string(), jti.into());
+		}
 		// Add NS field if set
 		if let Some(ns) = v.ns {
 			out.insert("NS".to_string(), ns.into());