review suggestions

api/rpc/perms/permissions.go

@@ -32,7 +32,26 @@ func (j *JWTPayload) MarshalBinary() (data []byte, err error) {
 
 // NewTokenWithPerms generates and signs a new JWT token with the given secret
 // and given permissions.
-func NewTokenWithPerms(signer jwt.Signer, perms []auth.Permission, ttl time.Duration) ([]byte, error) {
+func NewTokenWithPerms(signer jwt.Signer, perms []auth.Permission) ([]byte, error) {
+	nonce := make([]byte, 32)
+	if _, err := rand.Read(nonce); err != nil {
+		return nil, err
+	}
+
+	p := &JWTPayload{
+		Allow: perms,
+		Nonce: nonce,
+	}
+	token, err := jwt.NewBuilder(signer).Build(p)
+	if err != nil {
+		return nil, err
+	}
+	return token.Bytes(), nil
+}
+
+// NewTokenWithTTL generates and signs a new JWT token with the given secret
+// and given permissions and TTL.
+func NewTokenWithTTL(signer jwt.Signer, perms []auth.Permission, ttl time.Duration) ([]byte, error) {
 	nonce := make([]byte, 32)
 	if _, err := rand.Read(nonce); err != nil {
 		return nil, err

api/rpc_test.go

@@ -59,7 +59,7 @@ func TestRPCCallsUnderlyingNode(t *testing.T) {
 	nd, server := setupNodeWithAuthedRPC(t, signer, verifier)
 	url := nd.RPCServer.ListenAddr()
 
-	adminToken, err := perms.NewTokenWithPerms(signer, perms.AllPerms, time.Minute)
+	adminToken, err := perms.NewTokenWithPerms(signer, perms.AllPerms)
 	require.NoError(t, err)
 
 	// we need to run this a few times to prevent the race where the server is not yet started
@@ -105,7 +105,7 @@ func TestRPCCallsTokenExpired(t *testing.T) {
 	nd, _ := setupNodeWithAuthedRPC(t, signer, verifier)
 	url := nd.RPCServer.ListenAddr()
 
-	adminToken, err := perms.NewTokenWithPerms(signer, perms.AllPerms, time.Millisecond)
+	adminToken, err := perms.NewTokenWithTTL(signer, perms.AllPerms, time.Millisecond)
 	require.NoError(t, err)
 
 	// we need to run this a few times to prevent the race where the server is not yet started
@@ -122,7 +122,7 @@ func TestRPCCallsTokenExpired(t *testing.T) {
 	require.NoError(t, err)
 
 	_, err = rpcClient.State.Balance(ctx)
-	require.Error(t, err, err)
+	require.ErrorContains(t, err, "request failed, http status 401 Unauthorized")
 }
 
 // api contains all modules that are made available as the node's
@@ -179,13 +179,13 @@ func TestAuthedRPC(t *testing.T) {
 	url := nd.RPCServer.ListenAddr()
 
 	// create permissioned tokens
-	publicToken, err := perms.NewTokenWithPerms(signer, perms.DefaultPerms, time.Minute)
+	publicToken, err := perms.NewTokenWithPerms(signer, perms.DefaultPerms)
 	require.NoError(t, err)
-	readToken, err := perms.NewTokenWithPerms(signer, perms.ReadPerms, time.Minute)
+	readToken, err := perms.NewTokenWithPerms(signer, perms.ReadPerms)
 	require.NoError(t, err)
-	rwToken, err := perms.NewTokenWithPerms(signer, perms.ReadWritePerms, time.Minute)
+	rwToken, err := perms.NewTokenWithPerms(signer, perms.ReadWritePerms)
 	require.NoError(t, err)
-	adminToken, err := perms.NewTokenWithPerms(signer, perms.AllPerms, time.Minute)
+	adminToken, err := perms.NewTokenWithPerms(signer, perms.AllPerms)
 	require.NoError(t, err)
 
 	tests := []struct {

cmd/rpc.go

@@ -128,7 +128,7 @@ func getToken(path string) (string, error) {
 		fmt.Printf("error getting the JWT secret: %v", err)
 		return "", err
 	}
-	return buildJWTToken(key.Body, perms.AllPerms, time.Minute)
+	return buildJWTToken(key.Body, perms.AllPerms, 0)
 }
 
 type rpcClientKey struct{}