Adding not before and expires on the JWT token, to limit hijacking of the token

81d9122f · okhin · e6ee6e95 · 81d9122f
Commit 81d9122f authored Mar 27, 2017 by okhin
--- a/app/Main.php
+++ b/app/Main.php
@@ -70,7 +70,7 @@ class Main extends Controller {
        elseif ($f3->get('VERB') == 'POST'){
            // Create the call
            // Generate a jwt token
-            $token = JWT::encode(array('api' => JWT_TOKEN), JWT_KEY);
+            $token = JWT::encode(array('api' => JWT_TOKEN, 'nbf' => time(), 'exp' => time() + 10 * 60), JWT_KEY);
            // To get the callee, we have the callee_id in the form. Using that
            // to load the callee and retrieve its number.
            $contact = Api::get_contact($args['id']);