upstash / qstash-js

Message queue for serverless
https://docs.upstash.com/qstash
MIT License

clockTolerance option in receiver.verify(...) will always throw #21

Closed MattTennison closed 1 year ago

MattTennison commented 1 year ago

Environment

Library Version: v0.3.0
Node: v16.16.0

Current Behaviour

When I set the clock tolerance value to a positive integer, incoming requests always fail validation with the error "token is not yet valid".

E.g. I have a 60s clock tolerance, receive a request at 19:13:50 and my machine clock is 19:13:50, the request fails validation.

Expected Behaviour

The token should validate as long as the nbf is greater than system time - clock tolerance. So if I receive a request at 19:13:50 and have a 60s clock tolerance, as long as my machine time is >= 19:12:50, the request should be considered valid.

Notes

I think the bug occurs because it is subtracted from now, and then compared against the 'nbf' value (which is roughly equal to now) in the signature. This bit of code: https://github.com/upstash/sdk-qstash-ts/blob/a8029ebc767a8722a44c7ad487c27432db0931bf/pkg/receiver.ts#L140-L142

chronark commented 1 year ago

Such a stupid mistake, my bad. I'll fix it tomorrow.

Thank you

chronark commented 1 year ago

@MattTennison Try @upstash/qstash@0.3.1 :)

MattTennison commented 1 year ago

Yeah, looks like that's working. Thanks for jumping on it so quickly :+1:
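
The comparison described in this issue, as an added example that is not part of the thread and is not the qstash-js source: it reproduces the reported failure with the tolerance subtracted from `now`, next to a check that applies the tolerance in the accepting direction. It goes beyond the issue by also covering `exp`; the function names, the `exp` error text, the date and the 300 s lifetime are assumptions made for the illustration.

```typescript
// Added illustration, not the library's code. All times are seconds since the Unix epoch.
type TimeClaims = { nbf: number; exp: number };

const NOT_YET_VALID = "token is not yet valid"; // error text quoted in the issue
const EXPIRED = "token has expired";            // constructed message for this example

// Shape of the bug as the issue describes it: the tolerance is subtracted
// from "now" before the nbf comparison. A token whose nbf is roughly "now"
// is then rejected whenever the tolerance is positive.
function checkNbfBuggy(claims: TimeClaims, nowSec: number, toleranceSec: number): string | null {
  return nowSec - toleranceSec < claims.nbf ? NOT_YET_VALID : null;
}

// Tolerance must widen the acceptance window at both ends:
//   nbf: accept if nbf <= now + tolerance (receiver clock may run behind)
//   exp: accept if exp >  now - tolerance (receiver clock may run ahead)
function checkTimeClaims(claims: TimeClaims, nowSec: number, toleranceSec: number): string | null {
  // A negative or non-finite tolerance would silently shrink or disable the window.
  if (!Number.isFinite(toleranceSec) || toleranceSec < 0) {
    throw new RangeError("clock tolerance must be a non-negative number of seconds");
  }
  if (claims.nbf > nowSec + toleranceSec) return NOT_YET_VALID;
  if (claims.exp <= nowSec - toleranceSec) return EXPIRED;
  return null;
}

// Constructed sample: request signed and received at 19:13:50 (the date is arbitrary),
// with an assumed 300 s token lifetime.
const RECEIVED_AT = Date.UTC(2022, 0, 1, 19, 13, 50) / 1000;
const SAMPLE: TimeClaims = { nbf: RECEIVED_AT, exp: RECEIVED_AT + 300 };

// Scenario from the issue: 60 s tolerance, machine clock equal to the request time.
function reproduceIssue(): { buggy: string | null; corrected: string | null } {
  return {
    buggy: checkNbfBuggy(SAMPLE, RECEIVED_AT, 60),
    corrected: checkTimeClaims(SAMPLE, RECEIVED_AT, 60),
  };
}
```

The tolerance also extends how long a captured, still-signed request is accepted after `exp`, so keep it as small as the real clock skew requires.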