Add exp claim to generated JWTs

app-db-initialization/embed_demo.sql

@@ -3708,9 +3708,9 @@ COPY public.core_session (id, user_id, created_at, anti_csrf_token) FROM stdin;
 COPY public.core_user (id, email, first_name, last_name, password, password_salt, date_joined, last_login, is_superuser, is_active, reset_token, reset_triggered, is_qbnewb, google_auth, ldap_auth, login_attributes, updated_at, sso_source, locale, is_datasetnewb, settings) FROM stdin;
 2	[email protected]	Fake	Two	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-11 16:56:20.534624+00	2022-12-05 16:04:34.611907+00	t	t	$2a$10$caiF0YZT0UcD6NfydvqGJ.xF3tKZMQkFxHlT5RdipBabpjhnN149.	1668505830164	f	f	f	\N	2022-12-05 16:04:34.611907	\N	\N	t	\N
 5	[email protected]	The	Account	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-17 10:01:26.174614+00	2022-12-07 12:28:58.033817+00	f	t	\N	\N	f	f	f	{"metalbase_user_id":8,"exp":1670416738,"groups":["Read Only"]}	2022-12-07 12:28:58.033817	jwt	\N	t	\N
-7	[email protected]	Mary	Smith	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-30 08:24:37.577984+00	2023-01-15 20:33:45.669532+00	f	t	\N	\N	f	f	f	{"professor_id":1,"occupation":"teacher","id":1000000,"avatar":"/images/mary-smith.png","expiresIn":"2 days","groups":["Professors"]}	2023-01-15 20:33:45.669532	jwt	\N	t	\N
+7	[email protected]	Mary	Smith	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-30 08:24:37.577984+00	2023-01-15 20:33:45.669532+00	f	t	\N	\N	f	f	f	{"professor_id":1,"occupation":"teacher","id":1000000,"avatar":"/images/mary-smith.png","groups":["Professors"]}	2023-01-15 20:33:45.669532	jwt	\N	t	\N
 1	[email protected]	Fake	One	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-10 21:29:57.758633+00	2022-12-19 19:08:13.618004+00	t	t	\N	\N	f	f	f	\N	2022-12-19 19:08:13.618004	\N	\N	t	\N
-8	[email protected]	Anna	Johnson	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-30 14:50:52.561711+00	2023-01-15 16:29:07.343049+00	f	t	\N	\N	f	f	f	{"professor_id":2,"occupation":"teacher","id":999999,"avatar":"/images/anna-johnson.png","expiresIn":"2 days","groups":["Professors"]}	2023-01-15 16:29:07.343049	jwt	\N	t	\N
+8	[email protected]	Anna	Johnson	$2a$10$DVjygn2uQfF3c3L/9eVVaexDnxMKmxOo72/IOKr0aUmZ/k..z5BbC	07c3fef0-938e-4a1e-8849-bf3d66c638c5	2022-11-30 14:50:52.561711+00	2023-01-15 16:29:07.343049+00	f	t	\N	\N	f	f	f	{"professor_id":2,"occupation":"teacher","id":999999,"avatar":"/images/anna-johnson.png","groups":["Professors"]}	2023-01-15 16:29:07.343049	jwt	\N	t	\N
 \.
 
 

src/components/thirdParty/metabase/JWTProvider/JWTProvider.tsx

@@ -6,13 +6,13 @@ import { IJWTProviderProps } from "./types";
 export default function JWTProvider({
   appId,
   user,
-  expiresIn,
+  expiresInSeconds,
   children,
 }: PropsWithChildren<IJWTProviderProps>): ReactElement {
   const { jwt, loading, error } = useJWTLogin({
     appId,
     user,
-    expiresIn,
+    expiresInSeconds,
   });
 
   if (loading) {

src/components/thirdParty/metabase/JWTProvider/types.ts

@@ -3,5 +3,5 @@ import { IUser } from "../types";
 export interface IJWTProviderProps {
   appId?: string;
   user?: IUser;
-  expiresIn?: string;
+  expiresInSeconds?: number;
 }

src/components/thirdParty/metabase/hooks/types.ts

@@ -4,7 +4,7 @@ export interface IUseJWTLoginProps {
   appId?: string;
   user?: IUser;
   returnTo?: string;
-  expiresIn?: string;
+  expiresInSeconds?: number;
 }
 
 export interface IUseJWTLoginRes {

src/components/thirdParty/metabase/hooks/useJWTLogin.ts

@@ -1,11 +1,12 @@
 import { useCallback, useEffect, useState } from "react";
 import { IUseJWTLoginProps, IUseJWTLoginRes } from "./types";
+import { DEFAULT_EXPIRATION_SECONDS } from "../utils/constants";
 
 export function useJWTLogin({
   appId = process.env.METABASE_APP_ID,
   user,
   returnTo = "/",
-  expiresIn,
+  expiresInSeconds = DEFAULT_EXPIRATION_SECONDS,
 }: IUseJWTLoginProps = {}): IUseJWTLoginRes {
   const [requestDate, setRequestDate] = useState<Date>();
   const [jwt, setJWT] = useState<string>();
@@ -24,7 +25,7 @@ export function useJWTLogin({
           appId,
           user,
           returnTo,
-          expiresIn, // Not used: see FIX
+          exp: Math.floor(Date.now() / 1000) + expiresInSeconds, // Not used: see FIX
         }),
       });
       const data = await response.json();
@@ -37,7 +38,7 @@ export function useJWTLogin({
       setError(err.message || err);
       console.error(err);
     }
-  }, [appId, user, returnTo, expiresIn]);
+  }, [appId, user, returnTo, expiresInSeconds]);
 
   useEffect(() => {
     getUrlAsync();

src/components/thirdParty/metabase/utils/constants.ts

@@ -8,4 +8,4 @@ export const DUMMY_USER: IUser = {
   groups: ["Read Only"],
 };
 
-export const DEFAULT_EXPIRATION = "2 days";
+export const DEFAULT_EXPIRATION_SECONDS = 5 * 60; // 5 minutes

src/pages/_app.tsx

@@ -35,7 +35,7 @@ export default function App({
         <title>Edumation</title>
       </Head>
 
-      <JWTProvider user={account} expiresIn="2 days">
+      <JWTProvider user={account}>
         <ThemeProvider theme={defaultTheme}>
           <GlobalStyle />
           <Nav />

src/pages/api/auth/metabase.ts

@@ -1,9 +1,10 @@
 import type { NextApiRequest, NextApiResponse } from "next";
+import type { JwtPayload } from "jsonwebtoken";
 import { sign } from "jsonwebtoken";
 import { format } from "url";
 import { getAppUrl } from "@components/thirdParty/metabase/utils";
 import {
-  DEFAULT_EXPIRATION,
+  DEFAULT_EXPIRATION_SECONDS,
   DUMMY_USER,
 } from "@components/thirdParty/metabase/utils/constants";
 import { IUseJWTLoginProps } from "@components/thirdParty/metabase/hooks/types";
@@ -16,7 +17,7 @@ export default async function handler(
     appId,
     user = DUMMY_USER,
     returnTo = "/",
-    expiresIn = DEFAULT_EXPIRATION,
+    expiresInSeconds = DEFAULT_EXPIRATION_SECONDS,
   } = req.body as IUseJWTLoginProps;
   if (req.method === "POST") {
     const METABASE_JWT_SHARED_SECRET =
@@ -26,8 +27,8 @@ export default async function handler(
     const jwt = sign(
       {
         ...user,
-        expiresIn,
-      },
+        exp: Math.floor(Date.now() / 1000) + expiresInSeconds,
+      } as JwtPayload,
       METABASE_JWT_SHARED_SECRET,
     );
 

src/pages/embedding/full-app/setup.tsx

@@ -2,6 +2,7 @@ import PageContainer from "@components/container/PageContainer";
 import PageHeader from "@components/layout/PageHeader";
 import Head from "next/head";
 import { ReactElement, useEffect, useState } from "react";
+import type { JwtPayload } from "jsonwebtoken";
 import { sign } from "jsonwebtoken";
 import ImageWrapper from "@components/ui/ImageWrapper";
 import { getAppUrl } from "@components/thirdParty/metabase/utils";
@@ -13,7 +14,7 @@ const iFrameCodeFullAppSign = `const jsonwebtoken = sign(
     first_name: <first name>,
     last_name: <last name>,
     groups: ["Read Only"],
-    expiresIn: "2 days",
+    exp: Math.floor(Date.now() / 1000) + <expiration seconds>
   },
   <JWT shared secret key>,
 );`;
@@ -37,8 +38,8 @@ export default function SimpleEmbeddingPage(): ReactElement {
         first_name: "Dummy",
         last_name: "User",
         groups: ["Read Only"],
-        expiresIn: "2 days",
-      },
+        exp: Math.floor(Date.now() / 1000) + 5 * 60, // 5 minutes
+      } as JwtPayload,
       METABASE_JWT_SHARED_SECRET,
     );
     setTheJWT(jwt);