update to 14.1.0

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [14.1.0] - 2021-04-13
+
+### Added
+- Added expiry to verify endpoint
+
+### Updated
+- Updated README
+
 ## [14.0.1] - 2021-04-13
 
 ### Changed

Cargo.lock

@@ -543,7 +543,7 @@ dependencies = [
 
 [[package]]
 name = "broker"
-version = "14.0.1"
+version = "14.1.0"
 dependencies = [
  "anyhow",
  "async-std",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "broker"
-version = "14.0.1"
+version = "14.1.0"
 authors = ["Bevan Hunt <bevan@bevanhunt.com>"]
 edition = "2018"
 license = "MIT"

README.md

@@ -147,11 +147,12 @@ GET /verify
 
 will return: `200` or `500` or `401`
 
-200 - will return a biscuit public key and biscuit token for your microservice to perform authorization on the user scopes/facts both as byte arrays use the from_bytes method to rehydrate
+200 - will return a biscuit public key, biscuit token, and JWT expiry for your microservice (use from_bytes to hydrate the key and token)
 ```json
 {
     "key": [136,133,229,196,134,20,240,80,159,158,154,20,57,35,198,7,156,160,193,224,174,209,51,150,27,86,75,122,172,24,114,66],
-    "token": [122,133,229,196,134,20,240,80,159,158,154,20,57,35,198,7,156,160,193,224,174,209,51,150,27,86,75,122,172,24,114,121]
+    "token": [122,133,229,196,134,20,240,80,159,158,154,20,57,35,198,7,156,160,193,224,174,209,51,150,27,86,75,122,172,24,114,121],
+    "expiry: 1618352841
 }
 ```
 
@@ -357,7 +358,7 @@ will return: `200` or `500` or `400` or `401`
 
 - the `origin` can be passed in as a flag - default `*`
 - the `port` can be passed in as a flag - default `8080` - can only be set for unsecure connections
-- the `jwt_expiry` for jwts can be passed in as a flag - default `86400`
+- the `jwt_expiry` for jwts can be passed in as a flag in seconds - default `86400`
 - the `jwt_secret` for jwts should be passed in as a flag - default `secret`
 - the `secure` flag for https and can be true or false - default `false`
 - the `auto_cert` flag for an autorenewing LetsEncrypt SSL cert can be true or false - requires a resolvable domain - default `true` 

src/main.rs

@@ -311,7 +311,7 @@ fn puts_event(event: Event) -> Result<()> {
     Ok(())
 }
 
-fn jwt_aud(scopes: Vec<String>) -> Result<Option<String>> {
+fn jwt_aud(scopes: Vec<String>, exp: i64) -> Result<Option<String>> {
     let biscuit_root = KeyPair::new();
     let biscuit_public_key = biscuit_root.public();
     let public_key_bytes = biscuit_public_key.to_bytes();
@@ -331,7 +331,7 @@ fn jwt_aud(scopes: Vec<String>) -> Result<Option<String>> {
     }
     
     let biscuit = builder.build()?;
-    Ok(Some(json!({"key": public_key_bytes, "token": biscuit.to_vec()?}).to_string()))
+    Ok(Some(json!({"key": public_key_bytes, "token": biscuit.to_vec()?, "expiry": exp}).to_string()))
 }
 
 fn user_create(user_form: UserForm) -> Result<Option<String>> {
@@ -457,7 +457,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
                                             let aud: String;
                                             match user.scopes.clone() {
                                                 Some(scopes) => {
-                                                    match jwt_aud(scopes)? {
+                                                    match jwt_aud(scopes, exp)? {
                                                         Some(a) => {
                                                             aud = a;
                                                         },
@@ -483,7 +483,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
                                 let aud: String;
                                 match user.scopes.clone() {
                                     Some(scopes) => {
-                                        match jwt_aud(scopes)? {
+                                        match jwt_aud(scopes, exp)? {
                                             Some(a) => {
                                                 aud = a;
                                             },
@@ -505,7 +505,7 @@ async fn create_jwt(login: LoginForm) -> Result<Option<String>> {
                             let aud: String;
                             match user.scopes.clone() {
                                 Some(scopes) => {
-                                    match jwt_aud(scopes)? {
+                                    match jwt_aud(scopes, exp)? {
                                         Some(a) => {
                                             aud = a;
                                         },
@@ -599,7 +599,7 @@ async fn jwt_verify(token: String) -> Result<Option<TokenData<Claims>>> {
                                     let aud: String;
                                     match user.scopes.clone() {
                                         Some(scopes) => {
-                                            match jwt_aud(scopes)? {
+                                            match jwt_aud(scopes, exp)? {
                                                 Some(a) => {
                                                     aud = a;
                                                 },
@@ -662,7 +662,7 @@ async fn create_user(mut req: Request<()>) -> tide::Result {
 async fn login_user(mut req: Request<()>) -> tide::Result {
     let r =  req.body_string().await?;
     let login_form : LoginForm = serde_json::from_str(&r)?;
-    match create_jwt(login_form).await.unwrap() {
+    match create_jwt(login_form).await? {
         Some(jwt) => {
             let msg = json!({"jwt": jwt}).to_string();
             Ok(tide::Response::builder(200).body(msg).header("content-type", "application/json").build())