1 files changed, 20 insertions, 10 deletions

diff --git a/src/Sproxy/Application/State.hs b/src/Sproxy/Application/State.hs
index 29d9252..8ddbedf 100644
--- a/src/Sproxy/Application/State.hs
+++ b/src/Sproxy/Application/State.hs
@@ -6,6 +6,8 @@ module Sproxy.Application.State (
 import Data.ByteString (ByteString)
 import Data.ByteString.Lazy (fromStrict, toStrict)
 import Data.Digest.Pure.SHA (hmacSha1, bytestringDigest)
+import Foreign.C.Types (CTime(..))
+import System.Posix.Time (epochTime)
 import qualified Data.ByteString.Base64 as Base64
 import qualified Data.Serialize as DS
 
@@ -13,16 +15,24 @@ import qualified Data.Serialize as DS
 -- FIXME: Compress / decompress ?
 
 
-encode :: ByteString -> ByteString -> ByteString
-encode key payload = Base64.encode . DS.encode $ (payload, digest key payload)
-
-
-decode :: ByteString -> ByteString -> Either String ByteString
-decode key d = do
-  (payload, dgst) <- DS.decode =<< Base64.decode d
-  if dgst /= digest key payload
-  then Left "junk"
-  else Right payload
+encode :: ByteString -> Int -> ByteString -> IO (ByteString, CTime)
+encode key shelflife payload = do
+  now <- epochTime
+  let expiry = now + (CTime . fromIntegral $ shelflife)
+      d = DS.encode (payload, (\(CTime i64) -> i64) expiry)
+  return (Base64.encode . DS.encode $ (d, digest key d), expiry)
+
+
+decode :: ByteString -> ByteString -> IO (Either String ByteString)
+decode key raw = do
+  (CTime now) <- epochTime
+  return $ do
+      (d, dgst) <- DS.decode =<< Base64.decode raw
+      if dgst /= digest key d then Left "junk"
+      else do
+        (payload, expiry) <- DS.decode d
+        if expiry < now then Left "expired"
+                        else Right payload
   
 
 digest :: ByteString -> ByteString -> ByteString