From 748de8de2d9aa7f360e70fbc002c2083ebcea217 Mon Sep 17 00:00:00 2001 From: Costa Tsaousis Date: Fri, 14 Jul 2023 11:27:16 +0300 Subject: add expiration to bearer token response (#15392) --- web/api/web_api_v2.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'web') diff --git a/web/api/web_api_v2.c b/web/api/web_api_v2.c index 54a211e34b..e520acbc78 100644 --- a/web/api/web_api_v2.c +++ b/web/api/web_api_v2.c @@ -3,6 +3,8 @@ #include "web_api_v2.h" #include "../rtc/webrtc.h" +#define BEARER_TOKEN_EXPIRATION 86400 + struct bearer_token { time_t created_s; time_t expires_s; @@ -26,7 +28,7 @@ static void bearer_token_cleanup(void) { dictionary_garbage_collect(netdata_authorized_bearers); } -static void bearer_get_token(uuid_t *uuid) { +static time_t bearer_get_token(uuid_t *uuid) { static SPINLOCK spinlock = NETDATA_SPINLOCK_INITIALIZER; static bool initialized = false; @@ -50,10 +52,12 @@ static void bearer_get_token(uuid_t *uuid) { z = dictionary_set(netdata_authorized_bearers, uuid_str, &t, sizeof(t)); if(!z->created_s) { z->created_s = now_monotonic_sec(); - z->expires_s = z->created_s + 86400; + z->expires_s = z->created_s + BEARER_TOKEN_EXPIRATION; } bearer_token_cleanup(); + + return now_realtime_sec() + BEARER_TOKEN_EXPIRATION; } #define HTTP_REQUEST_AUTHORIZATION_BEARER "\r\nAuthorization: Bearer " @@ -192,7 +196,7 @@ int api_v2_bearer_token(RRDHOST *host __maybe_unused, struct web_client *w __may } uuid_t uuid; - bearer_get_token(&uuid); + time_t expires_s = bearer_get_token(&uuid); BUFFER *wb = w->response.data; buffer_flush(wb); @@ -200,6 +204,7 @@ int api_v2_bearer_token(RRDHOST *host __maybe_unused, struct web_client *w __may buffer_json_member_add_string(wb, "mg", localhost->machine_guid); buffer_json_member_add_boolean(wb, "bearer_protection", netdata_is_protected_by_bearer); buffer_json_member_add_uuid(wb, "token", &uuid); + buffer_json_member_add_time_t(wb, "expiration", expires_s); buffer_json_finalize(wb); return HTTP_RESP_OK; -- cgit v1.2.3