When I set the clock tolerance value to a positive integer, incoming requests always fail validation with the error "token is not yet valid"
E.g. I have a 60s clock tolerance, receive a request at 19:13:50 and my machine clock is 19:13:50, the request fails validation.
Expected Behaviour
The token should validate as long as the nbf is greater than system time - clock tolerance. So if I receive a request at 19:13:50 and have a 60s clock tolerance, as long as my machine time is >= 19:12:50, the request should be considered valid.
Environment
Current Behaviour
When I set the clock tolerance value to a positive integer, incoming requests always fail validation with the error "token is not yet valid"
E.g. I have a 60s clock tolerance, receive a request at 19:13:50 and my machine clock is 19:13:50, the request fails validation.
Expected Behaviour
The token should validate as long as the nbf is greater than system time - clock tolerance. So if I receive a request at 19:13:50 and have a 60s clock tolerance, as long as my machine time is >= 19:12:50, the request should be considered valid.
Notes
I think the bug occurs because it is subtracted from now, and then compared against the 'nbf' value (which is roughly equal to now) in the signature. This bit of code: https://github.com/upstash/sdk-qstash-ts/blob/a8029ebc767a8722a44c7ad487c27432db0931bf/pkg/receiver.ts#L140-L142