Skip to content

Fix/createtoken timestamp bug #227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bttf wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix/createtoken timestamp bug #227

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
47b387b
Fix timestamp bug in createToken function
bttf Nov 26, 2025
bb5ad80
Add comprehensive tests for createToken expiry validation
bttf Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions lib/core/http.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ module.exports = (appUuid, apiKey, config) => {
let wellFormedExpiry;
if (expiry) {
if (expiry && expiry instanceof Date) {
wellFormedExpiry = expiry.getUTCMilliseconds();
wellFormedExpiry = expiry.getTime();
} else if (expiry && typeof expiry === 'number') {
wellFormedExpiry = expiry;
} else {
Expand All @@ -239,7 +239,7 @@ module.exports = (appUuid, apiKey, config) => {
);
}

const now = new Date().getUTCMilliseconds();
const now = Date.now();
if (wellFormedExpiry < now || wellFormedExpiry - now > 600000) {
throw new errors.TokenCreationError(
'Expiry must be in the next 10 minutes'
Expand Down
111 changes: 111 additions & 0 deletions tests/core/http.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -590,6 +590,117 @@ describe('Http Module', () => {
});
});
});

context('Expiry validation', () => {
context('With Date object', () => {
it('Accepts expiry within next 10 minutes', () => {
const futureExpiry = new Date(Date.now() + 5 * 60 * 1000); // 5 minutes from now
const testResponse = {
token: 'token',
expiry: futureExpiry.getTime(),
createdAt: Date.now(),
};
const createRunTokenNock = setupNock(
'https://api.evervault.com',
testApiKey,
true
)
.post(`/client-side-tokens`)
.reply(200, testResponse);

return testHttpClient
.createToken('decrypt', { test: 'data' }, futureExpiry)
.then((res) => {
expect(createRunTokenNock.isDone()).to.be.true;
});
});

it('Throws error when expiry is in the past', () => {
const pastExpiry = new Date(Date.now() - 1000); // 1 second ago
return testHttpClient
.createToken('decrypt', { test: 'data' }, pastExpiry)
.catch((err) => {
expect(err).to.be.instanceOf(errors.TokenCreationError);
expect(err.message).to.equal(
'Expiry must be in the next 10 minutes'
);
});
});

it('Throws error when expiry is more than 10 minutes in future', () => {
const farFutureExpiry = new Date(Date.now() + 11 * 60 * 1000); // 11 minutes from now
return testHttpClient
.createToken('decrypt', { test: 'data' }, farFutureExpiry)
.catch((err) => {
expect(err).to.be.instanceOf(errors.TokenCreationError);
expect(err.message).to.equal(
'Expiry must be in the next 10 minutes'
);
});
});
});

context('With timestamp number', () => {
it('Accepts timestamp within next 10 minutes', () => {
const futureExpiry = Date.now() + 5 * 60 * 1000; // 5 minutes from now
const testResponse = {
token: 'token',
expiry: futureExpiry,
createdAt: Date.now(),
};
const createRunTokenNock = setupNock(
'https://api.evervault.com',
testApiKey,
true
)
.post(`/client-side-tokens`)
.reply(200, testResponse);

return testHttpClient
.createToken('decrypt', { test: 'data' }, futureExpiry)
.then((res) => {
expect(createRunTokenNock.isDone()).to.be.true;
});
});

it('Throws error when timestamp is in the past', () => {
const pastExpiry = Date.now() - 1000; // 1 second ago
return testHttpClient
.createToken('decrypt', { test: 'data' }, pastExpiry)
.catch((err) => {
expect(err).to.be.instanceOf(errors.TokenCreationError);
expect(err.message).to.equal(
'Expiry must be in the next 10 minutes'
);
});
});

it('Throws error when timestamp is more than 10 minutes in future', () => {
const farFutureExpiry = Date.now() + 11 * 60 * 1000; // 11 minutes from now
return testHttpClient
.createToken('decrypt', { test: 'data' }, farFutureExpiry)
.catch((err) => {
expect(err).to.be.instanceOf(errors.TokenCreationError);
expect(err.message).to.equal(
'Expiry must be in the next 10 minutes'
);
});
});
});

context('With invalid expiry type', () => {
it('Throws error when expiry is a string', () => {
return testHttpClient
.createToken('decrypt', { test: 'data' }, '2024-01-01')
.catch((err) => {
expect(err).to.be.instanceOf(errors.TokenCreationError);
expect(err.message).to.equal(
'Expiry must be a Date object, got string'
);
});
});
});
});
});
});

Expand Down