From e590c9c92ee9a3818f3e5141d718bc07613848d5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 5 Apr 2021 17:16:18 +0200 Subject: mod_http_file_share: Include time of issuance in auth token In case an external upload service wants to have the original creation time, or calculate the token expiry itself. --- plugins/mod_http_file_share.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index d082bee7..9e542dff 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -133,10 +133,12 @@ function may_upload(uploader, filename, filesize, filetype) -- > boolean, error end function get_authz(slot, uploader, filename, filesize, filetype) +local now = os.time(); return jwt.sign(secret, { -- token properties sub = uploader; - exp = os.time()+300; + iat = now; + exp = now+300; -- slot properties slot = slot; -- cgit v1.2.3