forked from
tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
appview/oauth: explicitly set service-auth token expiry
Signed-off-by: oppiliappan <me@oppi.li>
+13
-1
+11
-1
appview/oauth/oauth.go
+11
-1
appview/oauth/oauth.go
···
224
224
s.service = service
225
225
}
226
226
}
227
+
228
+
// Specify the Duration in seconds for the expiry of this token
229
+
//
230
+
// The time of expiry is calculated as time.Now().Unix() + exp
227
231
func WithExp(exp int64) ServiceClientOpt {
228
232
return func(s *ServiceClientOpts) {
229
-
s.exp = exp
233
+
s.exp = time.Now().Unix() + exp
230
234
}
231
235
}
232
236
···
268
264
authorizedClient, err := o.AuthorizedClient(r)
269
265
if err != nil {
270
266
return nil, err
267
+
}
268
+
269
+
// force expiry to atleast 60 seconds in the future
270
+
sixty := time.Now().Unix() + 60
271
+
if opts.exp < sixty {
272
+
opts.exp = sixty
271
273
}
272
274
273
275
resp, err := authorizedClient.ServerGetServiceAuth(r.Context(), opts.Audience(), opts.exp, opts.lxm)
+2
appview/repo/repo.go
+2
appview/repo/repo.go
···
1062
1062
r,
1063
1063
oauth.WithService(f.Spindle),
1064
1064
oauth.WithLxm(lxm),
1065
+
oauth.WithExp(60),
1065
1066
oauth.WithDev(rp.config.Core.Dev),
1066
1067
)
1067
1068
if err != nil {
···
1271
1270
r,
1272
1271
oauth.WithService(f.Spindle),
1273
1272
oauth.WithLxm(tangled.RepoListSecretsNSID),
1273
+
oauth.WithExp(60),
1274
1274
oauth.WithDev(rp.config.Core.Dev),
1275
1275
); err != nil {
1276
1276
log.Println("failed to create spindle client", err)