fix: token endpoint rate limiting

canonical · Mar 29, 2024 · da7d85a · da7d85a
1 parent a42695b
commit da7d85a
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/handler/rfc8628/strategy_hmacsha.go b/handler/rfc8628/strategy_hmacsha.go
@@ -182,10 +182,10 @@ func (h *DefaultDeviceStrategy) ShouldRateLimit(context context.Context, code st
 		timer.NotUntil = h.getExpirationTime(context, 1)
 		exp, err := h.serializeExpiration(timer)
 		if err != nil {
-			return false, err
+			return false, errorsx.WithStack(fosite.ErrServerError.WithHintf("Failed to serialize expiration struct %s", err))
 		}
 		// Set the expiration time as value, and use the lifespan of the device code as TTL.
-		h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context)))
+		h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context).Seconds()))
 		return false, nil
 	}
 
@@ -195,13 +195,13 @@ func (h *DefaultDeviceStrategy) ShouldRateLimit(context context.Context, code st
 	}
 
 	// The code is valid and enough time has passed since the last call.
-	if expiration.NotUntil.Before(time.Now()) {
+	if time.Now().After(expiration.NotUntil) {
 		expiration.NotUntil = h.getExpirationTime(context, expiration.Counter)
 		exp, err := h.serializeExpiration(expiration)
 		if err != nil {
-			return false, err
+			return false, errorsx.WithStack(fosite.ErrServerError.WithHintf("Failed to serialize expiration struct %s", err))
 		}
-		h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context)))
+		h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context).Seconds()))
 		return false, nil
 	}
 
@@ -210,9 +210,9 @@ func (h *DefaultDeviceStrategy) ShouldRateLimit(context context.Context, code st
 	expiration.Counter += 1
 	exp, err := h.serializeExpiration(expiration)
 	if err != nil {
-		return false, err
+		return false, errorsx.WithStack(fosite.ErrServerError.WithHintf("Failed to serialize expiration struct %s", err))
 	}
-	h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context)))
+	h.RateLimiterCache.Set(keyBytes, exp, int(h.Config.GetDeviceAndUserCodeLifespan(context).Seconds()))
 
 	return true, nil
 }