From 433550514d01b93f1e7f320e79589086e8b35d4b Mon Sep 17 00:00:00 2001
From: Airat Arifullin <a.arifullin@yadro.com>
Date: Fri, 5 Jul 2024 11:50:11 +0300
Subject: [PATCH] [#1229] util: Fix session token expiration check

* Make session token expired at `current_epoch + 1` but
  not at `current_epoch` when it's still valid.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
---
 pkg/services/object/util/key.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/services/object/util/key.go b/pkg/services/object/util/key.go
index 8304bf13a..23d6c1c68 100644
--- a/pkg/services/object/util/key.go
+++ b/pkg/services/object/util/key.go
@@ -67,7 +67,7 @@ func (s *KeyStorage) GetKey(info *SessionInfo) (*ecdsa.PrivateKey, error) {
 
 		pToken := s.tokenStore.Get(info.Owner, binID)
 		if pToken != nil {
-			if pToken.ExpiredAt() <= s.networkState.CurrentEpoch() {
+			if pToken.ExpiredAt() < s.networkState.CurrentEpoch() {
 				return nil, new(apistatus.SessionTokenExpired)
 			}
 			return pToken.SessionKey(), nil
-- 
2.45.2