From a4e28e72dcf0f8e13617a6af20e42f65b4e2ccee Mon Sep 17 00:00:00 2001
From: sometimes-i-send-pull-requests
 <sometimes-i-send-pull-requests@users.noreply.github.com>
Date: Fri, 31 Jan 2025 00:55:15 -0800
Subject: [PATCH] Use expiration parameter in getVAPIDAuthorizationHeader

Previously it was being ignored, and would always use a value based on
12 hours after time.Now().  With this change, expiration is now used
as provided.
---
 vapid.go      |  2 +-
 vapid_test.go | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/vapid.go b/vapid.go
index d1c2a91..5da15d3 100644
--- a/vapid.go
+++ b/vapid.go
@@ -79,7 +79,7 @@ func getVAPIDAuthorizationHeader(
 
 	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
 		"aud": subURL.Scheme + "://" + subURL.Host,
-		"exp": time.Now().Add(time.Hour * 12).Unix(),
+		"exp": expiration.Unix(),
 		"sub": subscriber,
 	})
 
diff --git a/vapid_test.go b/vapid_test.go
index ae3ba9d..f6d521b 100644
--- a/vapid_test.go
+++ b/vapid_test.go
@@ -20,13 +20,16 @@ func TestVAPID(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// Unusual expiration to check that the expiration value is used
+	expiration := time.Now().Add(time.Hour * 11).Add(23 * time.Minute)
+
 	// Get authentication header
 	vapidAuthHeader, err := getVAPIDAuthorizationHeader(
 		s.Endpoint,
 		sub,
 		vapidPublicKey,
 		vapidPrivateKey,
-		time.Now().Add(time.Hour*12),
+		expiration,
 	)
 	if err != nil {
 		t.Fatal(err)
@@ -65,6 +68,15 @@ func TestVAPID(t *testing.T) {
 		if claims["aud"] == "" {
 			t.Fatal("Audience should not be empty")
 		}
+
+		expectedExp := float64(expiration.Unix())
+		if expectedExp != claims["exp"] {
+			t.Fatalf(
+				"Incorrect exp, expected=%v, got=%v",
+				expectedExp,
+				claims["exp"],
+			)
+		}
 	} else {
 		t.Fatal(err)
 	}