From a50d6dc0f4133740b7e87f43aabf918558a3d73e Mon Sep 17 00:00:00 2001
From: damencho <damencho@jitsi.org>
Date: Thu, 10 Oct 2024 13:04:01 -0500
Subject: [PATCH] feat(jwt): Adds some more logs around expiration.

---
 resources/prosody-plugins/luajwtjitsi.lib.lua | 6 +++++-
 resources/prosody-plugins/mod_auth_token.lua  | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/resources/prosody-plugins/luajwtjitsi.lib.lua b/resources/prosody-plugins/luajwtjitsi.lib.lua
index 990b1e6a47..d14fea4993 100644
--- a/resources/prosody-plugins/luajwtjitsi.lib.lua
+++ b/resources/prosody-plugins/luajwtjitsi.lib.lua
@@ -226,7 +226,11 @@ function M.verify(token, expectedAlgo, key, acceptedIssuers, acceptedAudiences)
 
 
 	if body.exp and os.time() >= body.exp then
-		return nil, "Not acceptable by exp ("..tostring(os.time()-body.exp)..")"
+        local extra_msg = '';
+        if body.iat then
+            extra_msg = ", valid for:"..tostring(body.exp-body.iat).." sec";
+        end
+		return nil, "Not acceptable by exp ("..tostring(os.time()-body.exp).." sec since expired"..extra_msg..")"
 	end
 
 	if body.nbf and os.time() < body.nbf then
diff --git a/resources/prosody-plugins/mod_auth_token.lua b/resources/prosody-plugins/mod_auth_token.lua
index 562be90889..fde6e7a41f 100644
--- a/resources/prosody-plugins/mod_auth_token.lua
+++ b/resources/prosody-plugins/mod_auth_token.lua
@@ -55,6 +55,7 @@ function init_session(event)
 
     -- in either case set auth_token in the session
     session.auth_token = token;
+    session.user_agent_header = request.headers['user_agent'];
 end
 
 module:hook_global("bosh-session", init_session);
@@ -101,8 +102,9 @@ function provider.get_sasl_handler(session)
         local res, error, reason = token_util:process_and_verify_token(session);
         if res == false then
             module:log("warn",
-                "Error verifying token err:%s, reason:%s tenant:%s room:%s",
-                    error, reason, session.jitsi_web_query_prefix, session.jitsi_web_query_room);
+                "Error verifying token err:%s, reason:%s tenant:%s room:%s user_agent:%s",
+                    error, reason, session.jitsi_web_query_prefix, session.jitsi_web_query_room,
+                    session.user_agent_header);
             session.auth_token = nil;
             measure_verify_fail(1);
             return res, error, reason;