0chain · lpoli · Feb 5, 2022 · Feb 5, 2022 · Feb 5, 2022 · Feb 5, 2022
@@ -405,11 +405,8 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) {
 	}
 
 	sign := r.Header.Get(common.ClientSignatureHeader)
-	allocation, ok := mux.Vars(r)["allocation"]
-	if !ok {
-		return false, common.NewError("invalid_params", "Missing allocation tx")
-	}
-	valid, err := verifySignatureFromRequest(allocation, sign, allocationObj.OwnerPublicKey)
+
+	valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey)
 	if !valid || err != nil {
 		return nil, common.NewError("invalid_signature", "Invalid signature")
 	}
@@ -421,10 +418,12 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) {
 	if err != nil {
 		return nil, common.NewError("invalid_parameters", "Invalid file path. "+err.Error())
 	}
+
 	clientID := ctx.Value(constants.ContextKeyClient).(string)
 	if clientID != allocationObj.OwnerID {
 		return nil, common.NewError("invalid_operation", "Operation needs to be performed by the owner of the allocation")
 	}
+
 	err = reference.DeleteShareInfo(ctx, &reference.ShareInfo{
 		ClientID:     refereeClientID,
 		FilePathHash: filePathHash,
@@ -436,9 +435,11 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) {
 		}
 		return resp, nil
 	}
+
 	if err != nil {
 		return nil, err
 	}
+
 	resp := map[string]interface{}{
 		"status":  http.StatusNoContent,
 		"message": "Path successfully removed from allocation",
@@ -456,11 +457,8 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 	}
 
 	sign := r.Header.Get(common.ClientSignatureHeader)
-	allocation, ok := mux.Vars(r)["allocation"]
-	if !ok {
-		return false, common.NewError("invalid_params", "Missing allocation tx")
-	}
-	valid, err := verifySignatureFromRequest(allocation, sign, allocationObj.OwnerPublicKey)
+
+	valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey)
 	if !valid || err != nil {
 		return nil, common.NewError("invalid_signature", "Invalid signature")
 	}
@@ -488,11 +486,6 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 		return nil, err
 	}
 
-	// dummy, to avoid input and sql error
-	if len(authTicket.ClientID) != 64 || len(authTicket.OwnerID) != 64 {
-		return nil, common.NewError("share_info_insert", "Wrong ownerID or clientID")
-	}
-
 	shareInfo := reference.ShareInfo{
 		OwnerID:                   authTicket.OwnerID,
 		ClientID:                  authTicket.ClientID,
@@ -509,15 +502,13 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 	} else {
 		err = reference.AddShareInfo(ctx, shareInfo)
 	}
+
 	if err != nil {
+		Logger.Info(err.Error())
 		return nil, common.NewError("share_info_insert", "Unable to save share info")
 	}
 
-	resp := map[string]interface{}{
-		"message": "Share info added successfully",
-	}
-
-	return resp, nil
+	return map[string]interface{}{"message": "Share info added successfully"}, nil
 }
 
 func MarketPlaceShareInfoHandler(ctx context.Context, r *http.Request) (interface{}, error) {

@@ -4,16 +4,20 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"time"
 
 	"github.com/0chain/blobber/code/go/0chain.net/blobbercore/allocation"
 	"github.com/0chain/blobber/code/go/0chain.net/blobbercore/datastore"
 	"github.com/0chain/blobber/code/go/0chain.net/core/common"
 	"github.com/0chain/blobber/code/go/0chain.net/core/encryption"
+	zLogger "github.com/0chain/blobber/code/go/0chain.net/core/logging"
 
+	"go.uber.org/zap"
 	"gorm.io/datatypes"
+)
 
-	. "github.com/0chain/blobber/code/go/0chain.net/core/logging"
-	"go.uber.org/zap"
+const (
+	NinetyDays = common.Timestamp(90 * 24 * time.Hour)
 )
 
 type AuthTicket struct {
@@ -40,11 +44,18 @@ func (authToken *AuthTicket) Verify(allocationObj *allocation.Allocation, client
 	if authToken.AllocationID != allocationObj.ID {
 		return common.NewError("invalid_parameters", "Invalid auth ticket. Allocation id mismatch")
 	}
-	if authToken.ClientID != clientID && len(authToken.ClientID) > 0 {
+	if authToken.ClientID != "" && authToken.ClientID != clientID {
 		return common.NewError("invalid_parameters", "Invalid auth ticket. Client ID mismatch")
 	}
-	if authToken.Expiration > 0 && (authToken.Expiration < authToken.Timestamp || authToken.Expiration < common.Now()) {
-		return common.NewError("invalid_parameters", "Invalid auth ticket. Expired ticket")
+
+	if authToken.Expiration > 0 {
+		if authToken.Expiration < authToken.Timestamp || authToken.Expiration <= common.Now() {
+			return common.NewError("invalid_parameters", "Invalid auth ticket. Expired ticket")
+		}
+	} else { // check for default 90 days expiration time
+		if authToken.Timestamp+NinetyDays <= common.Now() {
+			return common.NewError("invalid_parameters", "Authticket expired")
+		}
 	}
 
 	if authToken.OwnerID != allocationObj.OwnerID {
@@ -60,6 +71,7 @@ func (authToken *AuthTicket) Verify(allocationObj *allocation.Allocation, client
 	if err != nil || !sigOK {
 		return common.NewError("invalid_parameters", "Invalid auth ticket. Signature verification failed")
 	}
+
 	return nil
 }
 
@@ -169,7 +181,7 @@ func (rm *ReadMarkerEntity) Sync(ctx context.Context) (err error) {
 func (rm *ReadMarkerEntity) UpdateStatus(ctx context.Context, rps []*allocation.ReadPool, txOutput, redeemTxn string) (err error) {
 	var redeems []allocation.ReadPoolRedeem
 	if err = json.Unmarshal([]byte(txOutput), &redeems); err != nil {
-		Logger.Error("update read redeeming status: can't decode transaction"+
+		zLogger.Logger.Error("update read redeeming status: can't decode transaction"+
 			" output", zap.Error(err))
 		return common.NewErrorf("rme_update_status",
 			"can't decode transaction output: %v", err)