3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-10 15:47:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

urlutil: add time validation functions (#3776)

Browse source
This commit is contained in:
Caleb Doxsey 2022-12-02 11:42:56 -07:00 committed by GitHub
parent 457fca08dc
commit 090601873f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 111 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

43
internal/urlutil/time.go Normal file
View file

@ -0,0 +1,43 @@
package urlutil
import (
"fmt"
"net/url"
"strconv"
"time"
)
// BuildTimeParameters adds the issued and expiry timestamps to the query parameters.
func BuildTimeParameters(params url.Values, expiry time.Duration) {
now := time.Now()
params.Set(QueryIssued, fmt.Sprint(now.UnixMilli()))
params.Set(QueryExpiry, fmt.Sprint(now.Add(expiry).UnixMilli()))
}
// ValidateTimeParameters validates that the issued and expiry timestamps in the query parameters are valid.
func ValidateTimeParameters(params url.Values) error {
now := time.Now()
issuedMS, err := strconv.ParseInt(params.Get(QueryIssued), 10, 64)
if err != nil {
return fmt.Errorf("invalid issued timestamp: %w", err)
}
issued := time.UnixMilli(issuedMS)
if now.Add(DefaultLeeway).Before(issued) {
return ErrIssuedInTheFuture
}
expiryMS, err := strconv.ParseInt(params.Get(QueryExpiry), 10, 64)
if err != nil {
return fmt.Errorf("invalid expiry timestamp: %w", err)
}
expiry := time.UnixMilli(expiryMS)
if now.Add(-DefaultLeeway).After(expiry) {
return ErrExpired
}
return nil
}