Allow overriding expiry with lower value than configured

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2025-04-19 06:55:51 -04:00 · 2023-06-26 18:42:00 +02:00 · 2023-06-26 18:42:00 +02:00 · 25c92f6c14
commit 25c92f6c14
parent ddd43503dd
2 changed files with 37 additions and 10 deletions
--- a/api.go
+++ b/api.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"

@ -17,10 +18,11 @@ type apiServer struct {
 }

 type apiResponse struct {
-	Success  bool   `json:"success"`
-	Error    string `json:"error,omitempty"`
-	Secret   string `json:"secret,omitempty"`
-	SecretId string `json:"secret_id,omitempty"`
+	Success   bool       `json:"success"`
+	Error     string     `json:"error,omitempty"`
+	ExpiresAt *time.Time `json:"expires_at,omitempty"`
+	Secret    string     `json:"secret,omitempty"`
+	SecretId  string     `json:"secret_id,omitempty"`
 }

 type apiRequest struct {
@ -40,7 +42,14 @@ func (a apiServer) Register(r *mux.Router) {
 }

 func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
-	var secret string
+	var (
+		expiry = cfg.SecretExpiry
+		secret string
+	)
+
+	if ev, err := strconv.ParseInt(r.URL.Query().Get("expire"), 10, 64); err == nil && (ev < expiry || cfg.SecretExpiry == 0) {
+		expiry = ev
+	}

 	if strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
 		tmp := apiRequest{}
@ -58,15 +67,21 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
 		return
 	}

-	id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
+	id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
 	if err != nil {
 		a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
 		return
 	}

+	var expiresAt *time.Time
+	if expiry > 0 {
+		expiresAt = func(v time.Time) *time.Time { return &v }(time.Now().Add(time.Duration(expiry) * time.Second))
+	}
+
 	a.jsonResponse(res, http.StatusCreated, apiResponse{
-		Success:  true,
-		SecretId: id,
+		ExpiresAt: expiresAt,
+		Success:   true,
+		SecretId:  id,
 	})
 }

--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@ -14,7 +14,7 @@ info:
    This API allows you to store and read the same secrets as the web
    application.
  title: Luzifer/OTS API
-  version: 0.x
+  version: 1.x
 externalDocs:
  description: Luzifer/OTS on Github
  url: https://github.com/Luzifer/ots
@ -38,8 +38,20 @@ paths:
        become `https://ots.fyi/#5e0065ee-5734-4548-9fd3-bb0bcd4c899d|mypass`.
        Note that you should correctly [percent
        encode](https://datatracker.ietf.org/doc/html/rfc3986) the `|` (pipe)
-        character for it to work in all browsers. 
+        character for it to work in all browsers.
      operationId: createSecret
+      parameters:
+        - name: expire
+          in: query
+          description: >-
+            Override the default secret expiry with this value given in seconds.
+            Values bigger than the configured secret expiry will silently be
+            ignored and the default expiry will be used.
+          required: false
+          schema:
+            type: integer
+            format: int64
+            minimum: 0
      requestBody:
        required: true
        content: