Merge pull request #1521 from 0chain/fix/restricted-expiry

Fix/restricted expiry
0chain · Jan 4, 2025 · e577435 · e577435
2 parents 1bd2c18 + 3f32c14
commit e577435
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/code/go/0chain.net/blobbercore/handler/auth_ticket.go b/code/go/0chain.net/blobbercore/handler/auth_ticket.go
@@ -2,6 +2,7 @@ package handler
 
 import (
 	"context"
+	"fmt"
 	"github.com/0chain/blobber/code/go/0chain.net/core/node"
 	"github.com/0chain/common/core/common"
 	"net/http"
@@ -19,24 +20,27 @@ type AuthTicketResponse struct {
 //
 // parameters:
 //
-//   +name: Zbox-Signature
-//    in: header
-//    type: string
-//    description: Digital signature to verify that the sender is 0box service.
-//   +name: client_id
-//    type: string
-//    in: query
-//    description: Client ID is used as a payload to the token generated. The token represents a signed version of this string by the blobber's private key.
+//	+name: Zbox-Signature
+//	 in: header
+//	 type: string
+//	 description: Digital signature to verify that the sender is 0box service.
+//	+name: client_id
+//	 type: string
+//	 in: query
+//	 description: Client ID is used as a payload to the token generated. The token represents a signed version of this string by the blobber's private key.
 //
 // responses:
-//    200: AuthTicketResponse
+//
+//	200: AuthTicketResponse
 func GenerateAuthTicket(ctx context.Context, r *http.Request) (interface{}, error) {
 	clientID := r.URL.Query().Get("client_id")
 	if clientID == "" {
 		return nil, common.NewError("missing_client_id", "client_id is required")
 	}
 
-	signature, err := node.Self.Sign(clientID)
+	round := r.URL.Query().Get("round")
+
+	signature, err := node.Self.Sign(fmt.Sprintf("%s_%s", clientID, round))
 	if err != nil {
 		return nil, common.NewError("signature_failed", "signature failed")
 	}