fix: redirection token expiration check

open-amt-cloud-toolkit · Oct 6, 2023 · 69b8a2b · 69b8a2b
1 parent 1b30f38
commit 69b8a2b
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/src/server/webserver.ts b/src/server/webserver.ts
@@ -189,11 +189,15 @@ export class WebServer {
     // verify JWT
     try {
       const valid = this.jws.verify(info.req.headers['sec-websocket-protocol'], 'HS256', Environment.Config.jwt_secret)
-      if (!valid) {
-        return false
+      const decodedToken = this.jws.decode(info.req.headers['sec-websocket-protocol'])
+      const currentTimestamp = Math.floor(Date.now() / 1000); // Current timestamp in seconds
+
+      if (!valid || !(decodedToken.payload.exp && decodedToken.payload.exp > currentTimestamp)) {
+        logger.error('Redirection token invalid')
+        return false  // reject connection if problem with verify
       }
-    } catch (err) { // reject connection if problem with verify
-      return false
+    } catch (error) {
+      logger.error(`Error verifying the token: ${error.message}`)
     }
     // Test if device has an established KVM session
     const startIndex = info.req.url.indexOf('host=')