From cbeff0c0cb75d6e3b004cfdbfade47e5a8d397c3 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Thu, 1 Nov 2018 12:59:22 +0200
Subject: [PATCH] Add created at timestamp to tokens for future-proofing

---
 maubot/management/api/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/maubot/management/api/auth.py b/maubot/management/api/auth.py
index fcca6fb..b813a7c 100644
--- a/maubot/management/api/auth.py
+++ b/maubot/management/api/auth.py
@@ -13,9 +13,11 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
-from aiohttp import web
+from time import time
 import json
 
+from aiohttp import web
+
 from mautrix.types import UserID
 from mautrix.util.signed_token import sign_token, verify_token
 
@@ -47,6 +49,7 @@ async def login(request: web.Request) -> web.Response:
         user = data.get("user") or "root"
         return web.json_response({
             "token": create_token(user),
+            "created_at": int(time()),
         })
 
     username = data.get("username")
@@ -54,6 +57,7 @@ async def login(request: web.Request) -> web.Response:
     if get_config().check_password(username, password):
         return web.json_response({
             "token": create_token(username),
+            "created_at": int(time()),
         })
 
     return ErrBadAuth