From e9367b03be14bfad70db36106a3de081b3f0ae82 Mon Sep 17 00:00:00 2001
From: Javier Prieto
Date: Wed, 27 Jan 2021 15:16:08 +0100
Subject: [PATCH 1/2] Added exp claim for JWT token
---
 websockify/token_plugins.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/websockify/token_plugins.py b/websockify/token_plugins.py
index e03839a..80a9568 100644
--- a/websockify/token_plugins.py
+++ b/websockify/token_plugins.py
@@ -1,5 +1,6 @@
 import os
 import sys
+import time
 class BasePlugin():
 def __init__(self, src):
@@ -127,6 +128,12 @@ class JWTTokenApi(BasePlugin):
 token = jwt.JWT(key=key, jwt=token.claims)
 parsed = json.loads(token.claims)
+
+ if 'exp' in parsed:
+ # Expiration time is present, so we need to check it
+ if time.time() > parsed['exp']:
+ print('Token has expired!', file=sys.stderr)
+ return None
 return (parsed['host'], parsed['port'])
 except Exception as e:
From 1f618c8f4113d1218875d4f1d86e28e4a637b51a Mon Sep 17 00:00:00 2001
From: Javier Prieto
Date: Wed, 27 Jan 2021 16:50:19 +0100
Subject: [PATCH 2/2] Added JWT nbf, not before
---
 websockify/token_plugins.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/websockify/token_plugins.py b/websockify/token_plugins.py
index 80a9568..dab1982 100644
--- a/websockify/token_plugins.py
+++ b/websockify/token_plugins.py
@@ -129,6 +129,12 @@ class JWTTokenApi(BasePlugin):
 parsed = json.loads(token.claims)
+ if 'nbf' in parsed:
+ # Not Before is present, so we need to check it
+ if time.time() < parsed['nbf']:
+ print('Token can not be used yet!', file=sys.stderr)
+ return None
+
 if 'exp' in parsed:
 # Expiration time is present, so we need to check it
 if time.time() > parsed['exp']:
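Review bot: The `exp` check added in the second hunk of patch 1/2 runs only when the issuer chose to include the claim, and it compares the value without validating its type, so a token with no `exp` is still accepted with no time limit. A non-numeric `exp` (a string or `null`) raises `TypeError` on Python 3, which means rejection then depends on the `except Exception as e:` handler, whose body is outside the hunk. I would reject malformed values explicitly with `if not isinstance(parsed['exp'], (int, float)): return None`, use `>=` so a token is refused at the expiry instant as RFC 7519 requires, and consider an option that makes `exp` mandatory. The same type concern applies to the `nbf` comparison added in patch 2/2. The enclosing method starts and ends outside the hunk.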
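Review bot: The `nbf` branch in patch 2/2 compares against the raw local clock with no tolerance, so a token minted by an issuer whose clock runs slightly ahead of this host is refused with 'Token can not be used yet!'. RFC 7519 allows a small leeway for clock skew; I would read the clock once and apply a bounded allowance, e.g. `now = time.time()` followed by `if now + leeway < parsed['nbf']:`, where `leeway` is a proposed constant of a few seconds that the page does not define. Using the same `now` for the `exp` comparison keeps both checks on one instant, and the allowance should stay small because it also lengthens the effective token lifetime. The enclosing method starts and ends outside the hunk.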