feat(logging): track expiration in error message (#37)
arein authored Jun 26, 2023
1 parent 9ab939f commit 5f4dd3c
Showing 1 changed file with 26 additions and 11 deletions.
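--- a/relay_rpc/src/jwt.rs
+++ b/relay_rpc/src/jwt.rs
@@ -22,11 +22,20 @@ pub enum JwtError {
 #[error("Invalid JWT signing algorithm")]
 Header,
 
-#[error("JWT Token is expired")]
-Expired,
-
-#[error("JWT Token is not yet valid")]
-NotYetValid,
+#[error("JWT Token is expired: {:?}", expiration)]
+Expired { expiration: Option<i64> },
+
+#[error(
+"JWT Token is not yet valid: basic.iat: {}, now + time_leeway: {}, time_leeway: {}",
+basic_iat,
+now_time_leeway,
+time_leeway
+)]
+NotYetValid {
+basic_iat: i64,
+now_time_leeway: i64,
+time_leeway: i64,
+},
 
 #[error("Invalid audience")]
 InvalidAudience,
@@ -202,11 +211,17 @@ pub trait VerifyableClaims: Serialize + DeserializeOwned {
 let now = Utc::now().timestamp();
 
 if matches!(basic.exp, Some(exp) if now - time_leeway > exp) {
-return Err(JwtError::Expired);
+return Err(JwtError::Expired {
+expiration: basic.exp,
+});
 }
 
 if now + time_leeway < basic.iat {
-return Err(JwtError::NotYetValid);
+return Err(JwtError::NotYetValid {
+basic_iat: basic.iat,
+now_time_leeway: now + time_leeway,
+time_leeway,
+});
 }
 
 if !aud.contains(&basic.aud) {
@@ -278,7 +293,7 @@ mod test {
 .unwrap();
 assert!(matches!(
 Jwt(jwt.into()).decode(&aud),
-Err(JwtError::NotYetValid)
+Err(JwtError::NotYetValid { .. })
 ));
 
 // IAT leeway, valid.
@@ -297,7 +312,7 @@ mod test {
 .unwrap();
 assert!(matches!(
 Jwt(jwt.into()).decode(&aud),
-Err(JwtError::NotYetValid)
+Err(JwtError::NotYetValid { .. })
 ));
 
 // Past expiration.
@@ -308,7 +323,7 @@ mod test {
 .unwrap();
 assert!(matches!(
 Jwt(jwt.into()).decode(&aud),
-Err(JwtError::Expired)
+Err(JwtError::Expired { .. })
 ));
 
 // Expiration leeway, valid.
@@ -333,7 +348,7 @@ mod test {
 .unwrap();
 assert!(matches!(
 Jwt(jwt.into()).decode(&aud),
-Err(JwtError::Expired)
+Err(JwtError::Expired { .. })
 ));
 
 // Invalid aud.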
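Review bot: `JwtError::Expired` carries `expiration: Option<i64>`, but in the `VerifyableClaims` hunk it is only constructed inside the `matches!(basic.exp, Some(exp) if …)` branch, so the field can never be `None` and the `{:?}` format always prints `Some(<ts>)`. I would declare it as `Expired { expiration: i64 }` and bind the value in the check, e.g. `if let Some(exp) = basic.exp.filter(|&exp| now - time_leeway > exp) { return Err(JwtError::Expired { expiration: exp }); }`. Separately, the `NotYetValid` display string now embeds the verifier's own clock (`now + time_leeway`) and the configured `time_leeway`; if this error text is ever returned to the peer rather than only logged (not visible in this diff), it tells an unauthenticated caller exactly how much clock skew the relay tolerates, so it is worth confirming the response path sends a generic message. The updated tests match on `{ .. }` only, so nothing asserts the new field values. The validation function's body starts and ends outside the hunk.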
