julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom

appview/oauth: explicitly set service-auth token expiry

Signed-off-by: oppiliappan <me@oppi.li>

oppi.li ffcab7fe bf02ed25

verified
options
unified split
Changed files
+13 -1
appview
oauth
oauth.go
repo
repo.go
+11 -1
appview/oauth/oauth.go 
···

       
224

       
224

       
 

       
		s.service = service


     

       
225

       
225

       
 

       
	}


     

       
226

       
226

       
 

       
}


     

       

       
227

       
+

       



     

       

       
228

       
+

       
// Specify the Duration in seconds for the expiry of this token


     

       

       
229

       
+

       
//


     

       

       
230

       
+

       
// The time of expiry is calculated as time.Now().Unix() + exp


     

       
227

       
231

       
 

       
func WithExp(exp int64) ServiceClientOpt {


     

       
228

       
232

       
 

       
	return func(s *ServiceClientOpts) {


     

       
229

       

       
-

       
		s.exp = exp


     

       

       
233

       
+

       
		s.exp = time.Now().Unix() + exp


     

       
230

       
234

       
 

       
	}


     

       
231

       
235

       
 

       
}


     

       
232

       
236

       
 

       



     
···

       
264

       
268

       
 

       
	authorizedClient, err := o.AuthorizedClient(r)


     

       
265

       
269

       
 

       
	if err != nil {


     

       
266

       
270

       
 

       
		return nil, err


     

       

       
271

       
+

       
	}


     

       

       
272

       
+

       



     

       

       
273

       
+

       
	// force expiry to atleast 60 seconds in the future


     

       

       
274

       
+

       
	sixty := time.Now().Unix() + 60


     

       

       
275

       
+

       
	if opts.exp < sixty {


     

       

       
276

       
+

       
		opts.exp = sixty


     

       
267

       
277

       
 

       
	}


     

       
268

       
278

       
 

       



     

       
269

       
279

       
 

       
	resp, err := authorizedClient.ServerGetServiceAuth(r.Context(), opts.Audience(), opts.exp, opts.lxm)
+2
appview/repo/repo.go 
···

       
1062

       
1062

       
 

       
		r,


     

       
1063

       
1063

       
 

       
		oauth.WithService(f.Spindle),


     

       
1064

       
1064

       
 

       
		oauth.WithLxm(lxm),


     

       

       
1065

       
+

       
		oauth.WithExp(60),


     

       
1065

       
1066

       
 

       
		oauth.WithDev(rp.config.Core.Dev),


     

       
1066

       
1067

       
 

       
	)


     

       
1067

       
1068

       
 

       
	if err != nil {


     
···

       
1270

       
1271

       
 

       
			r,


     

       
1271

       
1272

       
 

       
			oauth.WithService(f.Spindle),


     

       
1272

       
1273

       
 

       
			oauth.WithLxm(tangled.RepoListSecretsNSID),


     

       

       
1274

       
+

       
			oauth.WithExp(60),


     

       
1273

       
1275

       
 

       
			oauth.WithDev(rp.config.Core.Dev),


     

       
1274

       
1276

       
 

       
		); err != nil {


     

       
1275

       
1277

       
 

       
			log.Println("failed to create spindle client", err)