Allow building ucans without nbf set & fix builder's timestamps to …

…be second-based, not millisecond-based. (#45) * Allow building UCANs without `nbf` * JWTs use seconds as timestamp units! * Make tests use second-based timestamps
ucan-wg · Jan 12, 2022 · e10bdec · e10bdec
1 parent 935e44e
commit e10bdec
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 11 deletions.
diff --git a/src/builder.ts b/src/builder.ts
@@ -117,11 +117,11 @@ export class Builder<State extends Partial<BuildableState>> {
     if (!isFinite(seconds) || seconds <= 0) {
       throw new TypeError(`Expected seconds to be a positive number, but got ${seconds}`)
     }
-    return this.withExpiraton(Date.now() + seconds * 1000)
+    return this.withExpiraton(Math.floor(Date.now() / 1000) + seconds)
   }
 
   /**
-   * @param expiration The POSIX timestamp for when the UCAN should expire.
+   * @param expiration The UTCTime timestamp (in seconds) for when the UCAN should expire.
    */
   withExpiraton(expiration: number): Builder<State & { expiration: number }> {
     if (typeof expiration !== "number" || !isFinite(expiration)) {
@@ -134,7 +134,7 @@ export class Builder<State extends Partial<BuildableState>> {
   }
 
   /**
-   * @param notBeforeTimestamp The POSIX timestamp of when the UCAN becomes active.
+   * @param notBeforeTimestamp The UTCTime timestamp (in seconds) of when the UCAN becomes active.
    */
   withNotBefore(notBeforeTimestamp: number): Builder<State> {
     if (typeof notBeforeTimestamp !== "number" || !isFinite(notBeforeTimestamp)) {

diff --git a/src/chained.ts b/src/chained.ts
@@ -130,14 +130,14 @@ export class Chained {
   }
 
   /**
-   * @returns `exp`: The POSIX timestamp for when the UCAN expires.
+   * @returns `exp`: The UTCTime timestamp (in seconds) for when the UCAN expires.
    */
   expiresAt(): number {
     return this._decoded.payload.exp
   }
 
   /**
-   * @returns `nbf`: The POSIX timestamp of when the UCAN becomes active.
+   * @returns `nbf`: The UTCTime timestamp (in seconds) of when the UCAN becomes active.
    * If `null`, then it's only bound by `.expiresAt()`.
    */
   notBefore(): number | null {

diff --git a/src/token.ts b/src/token.ts
@@ -98,7 +98,6 @@ export function buildParts(params: {
   // Timestamps
   const currentTimeInSeconds = Math.floor(Date.now() / 1000)
   const exp = expiration || (currentTimeInSeconds + lifetimeInSeconds)
-  const nbf = notBefore || currentTimeInSeconds - 60
 
   const header = {
     alg: jwtAlgorithm(keyType),
@@ -112,7 +111,7 @@ export function buildParts(params: {
     exp,
     fct: facts,
     iss: issuer,
-    nbf,
+    nbf: notBefore,
     prf: proofs,
   } as UcanPayload
 

diff --git a/tests/builder.test.ts b/tests/builder.test.ts
@@ -11,8 +11,8 @@ describe("Builder", () => {
     const fact2 = { preimage: "abc", hash: "sth" }
     const cap1 = { email: "[email protected]", cap: "SEND" }
     const cap2 = { wnfs: "alice.fission.name/public/", cap: "SUPER_USER" }
-    const expiration = Date.now() + 30 * 1000
-    const notBefore = Date.now() - 30 * 1000
+    const expiration = Math.floor(Date.now() / 1000) + 30
+    const notBefore = Math.floor(Date.now() / 1000) - 30
 
     const ucan = await Builder.create()
       .issuedBy(alice)
@@ -40,7 +40,7 @@ describe("Builder", () => {
       .withLifetimeInSeconds(300)
       .buildParts()
 
-    expect(parts.payload.exp).toBeGreaterThan(Date.now() + 290 * 1000)
+    expect(parts.payload.exp).toBeGreaterThan(Date.now() / 1000 + 290)
   })
 
   it("prevents duplicate proofs", async () => {

diff --git a/tests/token.test.ts b/tests/token.test.ts
@@ -71,7 +71,7 @@ describe("token.validate", () => {
 })
 
 describe("verifySignatureUtf8", () => {
-  
+
   it("works with an example", async () => {
     const [header, payload, signature] = token.encode(await token.build({
       issuer: alice,
@@ -81,3 +81,27 @@ describe("verifySignatureUtf8", () => {
   })
 
 })
+
+describe("token.buildParts", () => {
+
+  it("can build tokens without nbf", () => {
+    const ucan = token.buildParts({
+      keyType: alice.keyType,
+      issuer: alice.did(),
+      audience: bob.did(),
+    })
+    expect(ucan.payload.nbf).not.toBeDefined()
+  })
+
+  it("builds tokens that expire in the future", () => {
+    const ucan = token.buildParts({
+      keyType: alice.keyType,
+      issuer: alice.did(),
+      audience: bob.did(),
+
+      lifetimeInSeconds: 30,
+    })
+    expect(ucan.payload.exp).toBeGreaterThan(Date.now() / 1000)
+  })
+
+})