add expiresAfter to use a relative delay for expiration

krichprollsch · krichprollsch · commit 7c2cb7914f77 · 2026-03-08T12:50:24.000+01:00
diff --git a/config.go b/config.go
@@ -10,25 +10,27 @@ import (
 
 // SignConfig contains additional configuration for the signer.
 type SignConfig struct {
-	signAlg     bool
-	signCreated bool
-	fakeCreated int64
-	expires     int64
-	nonce       string
-	tag         string
-	keyID       *string
+	signAlg      bool
+	signCreated  bool
+	fakeCreated  int64
+	expires      int64
+	expiresAfter int64
+	nonce        string
+	tag          string
+	keyID        *string
 }
 
 // NewSignConfig generates a default configuration.
 func NewSignConfig() *SignConfig {
 	return &SignConfig{
-		signAlg:     true,
-		signCreated: true,
-		fakeCreated: 0,
-		expires:     0,
-		nonce:       "",
-		tag:         "", // we disallow an empty tag
-		keyID:       nil,
+		signAlg:      true,
+		signCreated:  true,
+		fakeCreated:  0,
+		expires:      0,
+		expiresAfter: 0,
+		nonce:        "",
+		tag:          "", // we disallow an empty tag
+		keyID:        nil,
 	}
 }
 
@@ -58,6 +60,14 @@ func (c *SignConfig) SetExpires(expires int64) *SignConfig {
 	return c
 }
 
+// SetExpiresAfter adds an "expires" parameter containing an expiration
+// deadline after the given delay, as Unix time.
+// Default: 0 (do not add the parameter).
+func (c *SignConfig) SetExpiresAfter(delay int64) *SignConfig {
+	c.expiresAfter = delay
+	return c
+}
+
 // SetNonce adds a "nonce" string parameter whose content should be unique per signed message.
 // Default: empty string (do not add the parameter).
 func (c *SignConfig) SetNonce(nonce string) *SignConfig {
diff --git a/signatures.go b/signatures.go
@@ -272,6 +272,12 @@ func generateSigParams(config *SignConfig, alg string, foreignSigner interface{}
 	if config.expires != 0 {
 		p.Add("expires", config.expires)
 	}
+	if config.expiresAfter != 0 {
+		if config.expires != 0 {
+			return "", fmt.Errorf("cannot use both expires and expiresAfter")
+		}
+		p.Add("expires", config.expiresAfter+createdTime)
+	}
 	if config.nonce != "" {
 		qNonce, err := quotedString(config.nonce)
 		if err != nil {
