From 6c3cf5b92c3bec492ed8b4108e464e0889542f15 Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Sun, 15 May 2022 13:35:21 +0200
Subject: [PATCH] add expire times
---
 .../com/covas/Resources/TokenRessource.java | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index 4c80581..b9a80a8 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -40,16 +40,20 @@ public class TokenRessource {
 @GET
 @Produces(MediaType.APPLICATION_JSON)
- public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("jwt") String jwtCookie) {
+ public Response getUserName(@HeaderParam("Authorization") String auth, @CookieParam("user") String user, @CookieParam("jwt") String jwtCookie) {
 String name = "anonymous";
 String password = "";
- if(auth == null){
- return Response.status(Response.Status.BAD_REQUEST).build();
+ if(user == null){
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ } else {
+ name = new String(Base64.decode(user), StandardCharsets.UTF_8);
+ }
+ } else {
+ String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
+ name = hash[0];
+ password = Hash.encryptSHA512(hash[1]);
 }
- String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
- name = hash[0];
- password = Hash.encryptSHA512(hash[1]);
 UsersEntity users = UsersEntity.findByPseudo(name);
 if (users == null){
 return Response.status(Response.Status.NOT_FOUND).build();
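Review bot: When no `Authorization` header is sent, `name` is now taken from the `user` cookie, which is plain Base64 of the username and fully client-controlled, so the identity passed to `UsersEntity.findByPseudo(name)` is not tied to anything the server has verified. Whether that is safe depends on code outside this hunk: the later verification of the `jwt` cookie would need to confirm that the token's `upn` equals `name`, and reading the subject from the verified token instead of a separate cookie would remove the question. A malformed cookie in `Base64.decode(user)`, or a malformed header in `auth.split(" ")[1]` and `hash[1]`, will throw rather than return 400; a length check such as `if (parts.length != 2) return Response.status(Response.Status.BAD_REQUEST).build();` (with `parts` holding the split result) would cover the header case. Also, as the lines appear here, `if(auth == null){` is on the removed side while the added `} else {` still closes it, so the brace balance of the new side should be rechecked.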
@@ -62,7 +66,8 @@ public class TokenRessource {
 String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
 // or create a JWT token encrypted using the 'A256KW' algorithm
 // Jwt.upn("alice").encryptWithSecret(secret);
- return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
+ String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
+ return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie), new NewCookie("user", nameEncoded)).build();
 }
 // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
 try {
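Review bot: Both cookies on the new `return` line are built with the two-argument `NewCookie` constructor, so neither carries `HttpOnly`, `Secure` or a max-age. The `jwt` cookie is a bearer credential, so without those attributes page script can read it and it can travel over plain HTTP. Consider the full constructor, e.g. `new NewCookie("jwt", newJwtCookie, "/", null, null, 60, true, true)`, with the max-age kept in step with the token's `expiresIn(Duration.ofMinutes(1))`. The new `user` cookie is only Base64 of the username, so a comment such as `// identity hint only; never trust without a verified jwt` would help the next reader. The enclosing method continues outside this hunk.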