refactor(sts): add explicit zero-time expiration handling

Improved defensive programming in IsExpired() methods: 1. Credentials.IsExpired(): - Added explicit check for zero-time expiration (time.Time{}) - Treats uninitialized credentials as expired - Prevents accidentally treating uninitialized creds as valid 2. SessionInfo.IsExpired(): - Added same explicit zero-time check - Treats uninitialized sessions as expired - Protects against bugs where sessions might not be properly initialized This is important because time.Now().After(time.Time{}) returns true, but explicitly checking for zero time makes the intent clear and helps catch initialization bugs during code review and debugging.
1 month ago · 00c37387db
1 changed files with 9 additions and 0 deletions
--- a/weed/iam/sts/session_helpers.go
+++ b/weed/iam/sts/session_helpers.go
@ -7,6 +7,11 @@ func (c *Credentials) IsExpired() bool {
 	if c == nil {
 		return true
 	}
+	// Treat zero-time expiration as expired (uninitialized credentials)
+	// This prevents treating uninitialized credentials as valid
+	if c.Expiration.IsZero() {
+		return true
+	}
 	return time.Now().After(c.Expiration)
 }

@ -16,5 +21,9 @@ func (s *SessionInfo) IsExpired() bool {
 	if s == nil {
 		return true
 	}
+	// Treat zero-time expiration as expired (uninitialized session)
+	if s.ExpiresAt.IsZero() {
+		return true
+	}
 	return time.Now().After(s.ExpiresAt)
 }