Adding not before and expires on the JWT token, to limit hijacking of the token

app/Main.php

@@ -70,7 +70,7 @@ class Main extends Controller {
         elseif ($f3->get('VERB') == 'POST'){
             // Create the call
             // Generate a jwt token
-            $token = JWT::encode(array('api' => JWT_TOKEN), JWT_KEY);
+            $token = JWT::encode(array('api' => JWT_TOKEN, 'nbf' => time(), 'exp' => time() + 10 * 60), JWT_KEY);
             // To get the callee, we have the callee_id in the form. Using that
             // to load the callee and retrieve its number.
             $contact = Api::get_contact($args['id']);