From defa0e2c44cacde4132e7773e81d312c17626b63 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@libreserver.org>
Date: Tue, 21 Feb 2023 13:26:17 +0000
Subject: [PATCH] Signature time cheching tollerance

---
 httpsig.py | 5 +++--
 posts.py   | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/httpsig.py b/httpsig.py
index 010f51ef4..6dc0584c3 100644
--- a/httpsig.py
+++ b/httpsig.py
@@ -312,13 +312,14 @@ def _verify_recent_signature(signed_date_str: str) -> bool:
         break
     if not signed_date:
         return False
-    time_diff_sec = (curr_date - signed_date).seconds
+    time_diff_sec = (curr_date - signed_date).total_seconds()
     # 12 hours tollerance
     if time_diff_sec > 43200:
         print('WARN: Header signed too long ago: ' + signed_date_str + ' ' +
               str(time_diff_sec / (60 * 60)) + ' hours')
         return False
-    if time_diff_sec < 0:
+    # allow clocks to be off by a few mins
+    if time_diff_sec < -480:
         print('WARN: Header signed in the future! ' + signed_date_str + ' ' +
               str(time_diff_sec / (60 * 60)) + ' hours')
         return False
diff --git a/posts.py b/posts.py
index 859b99e02..7c92db277 100644
--- a/posts.py
+++ b/posts.py
@@ -5984,7 +5984,7 @@ def seconds_between_published(published1: str, published2: str) -> int:
         print('EX: seconds_between_published unable to parse date 2 ' +
               str(published2))
         return -1
-    return (published2_time - published1_time).seconds
+    return (published2_time - published1_time).total_seconds()
 
 
 def edited_post_filename(base_dir: str, nickname: str, domain: str,