hard-code +/- 15 minute leeway

AJ ONeal 2020-09-03 13:47:57 -06:00
parent d6f1124cf6
commit da206dcd41
2 changed files with 4 additions and 2 deletions


@ -98,6 +98,7 @@ func main() {
apiHostname := flag.String("api-hostname", "", "the hostname used to manage clients") apiHostname := flag.String("api-hostname", "", "the hostname used to manage clients")
secret := flag.String("secret", "", "the same secret used by telebit-relay (used for JWT authentication)") secret := flag.String("secret", "", "the same secret used by telebit-relay (used for JWT authentication)")
token := flag.String("token", "", "an auth token for the server (instead of generating --secret); use --token=false to ignore any $TOKEN in env") token := flag.String("token", "", "an auth token for the server (instead of generating --secret); use --token=false to ignore any $TOKEN in env")
_ = flag.String("leeway", "", "(reserved for future use) allow for time drift / skew (hard-coded to 15 minutes)")
bindAddrsStr := flag.String("listen", "", "list of bind addresses on which to listen, such as localhost:80, or :443") bindAddrsStr := flag.String("listen", "", "list of bind addresses on which to listen, such as localhost:80, or :443")
tlsLocals := flag.String("tls-locals", "", "like --locals, but TLS will be used to connect to the local port") tlsLocals := flag.String("tls-locals", "", "like --locals, but TLS will be used to connect to the local port")
locals := flag.String("locals", "", "a list of <from-domain>:<to-port>") locals := flag.String("locals", "", "a list of <from-domain>:<to-port>")
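Review bot: The new `--leeway` flag is parsed and then thrown away through `_ =`, so an operator who passes a value to change skew tolerance still gets the hard-coded 15 minutes, with nothing at runtime saying so. For a setting that affects token validity, I would keep the pointer and warn once after flag parsing when it is set, e.g. `if *leeway != "" { log.Printf("--leeway is reserved; using 15m") }` (assuming `log` is available in this file). The alternative is to leave the flag unregistered until it is wired up. main() starts and continues outside the hunk.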


@ -67,12 +67,13 @@ func HMACToken(secret string, maybeExp ...int) (token string, err error) {
b := make([]byte, 16) b := make([]byte, 16)
_, _ = rand.Read(b) _, _ = rand.Read(b)
leeway := 15 * time.Minute
claims := &jwt.StandardClaims{ claims := &jwt.StandardClaims{
Id: base64.RawURLEncoding.EncodeToString(b), Id: base64.RawURLEncoding.EncodeToString(b),
Subject: "", // TODO Subject: "", // TODO
Issuer: "", // TODO Issuer: "", // TODO
IssuedAt: time.Now().Unix(), IssuedAt: time.Now().Add(-leeway).Unix(),
ExpiresAt: exp, ExpiresAt: exp + int64(leeway.Seconds()),
} }
jwtToken := &jwt.Token{ jwtToken := &jwt.Token{
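Review bot: The 15-minute skew allowance is written into the token itself, with `IssuedAt` backdated and `ExpiresAt` pushed out, so every verifier accepts the token 15 minutes past the lifetime the caller asked for, and a verifier that applies its own leeway adds to that. Skew tolerance is normally applied on the verifying side, which keeps `iat` as the real issue time and `exp` as the requested bound. If it has to stay at issuance, a comment above `leeway := 15 * time.Minute` such as `// leeway widens the validity window at issuance; effective lifetime is exp + 15m` would make the trade-off visible. How `exp` is computed is above the hunk, but if it can be 0 to mean "no expiry", the unconditional addition turns it into a timestamp in 1970; `if exp != 0 { exp += int64(leeway.Seconds()) }` avoids that. HMACToken starts and continues outside the hunk.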