
Added expiration checking to the writecap verification function

Matthew Carr 2 years ago
parent
commit
b2939763cf
2 changed files with 17 additions and 3 deletions
  1. 4 1
      crates/node/src/crypto.rs
  2. 13 2
      crates/node/src/main.rs

+ 4 - 1
crates/node/src/crypto.rs

@@ -578,7 +578,10 @@ fn verify_write_cap(mut write_cap: &WriteCap, path: &Path) -> Result<bool> {
         if !write_cap.path.contains(path) {
             return Ok(false);
         }
-        // TODO: Verify that `write_cap.expires` is not in the past.
+        let now = Epoch::now();
+        if write_cap.expires <= now {
+            return Ok(false);
+        }
         if let Some(prev) = &prev {
             if prev.signing_key.to_principal() != write_cap.issued_to {
                 return Ok(false);
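Review bot: `Epoch::now()` is read at the point of the check, which by its indentation and the `prev` binding appears to sit inside the loop that walks the writecap chain, so each link is compared against a separately sampled clock. Sampling once ahead of the walk (`let now = Epoch::now();` before the loop) would judge the whole chain against one instant and keep the clock read out of the per-link path. The check also trusts the node's wall clock with no skew allowance, so a clock that is set back makes expired writecaps verify again; a comment stating that assumption would help, e.g. `// Expiry is judged against the local wall clock; a clock set back re-validates expired caps.` The loop and the rest of verify_write_cap lie outside the hunk, so the loop placement is inferred.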

+ 13 - 2
crates/node/src/main.rs

@@ -7,6 +7,7 @@ use std::{
     convert::TryFrom,
     hash::Hash as Hashable,
     fmt::{self, Display, Formatter},
+    time::SystemTime,
 };
 use serde::{Serialize, Deserialize};
 use serde_big_array::BigArray;
@@ -282,8 +283,18 @@ impl Display for PathError {
 }
 
 /// An instant in time represented by the number of seconds since January 1st 1970, 00:00:00 UTC.
-#[derive(Debug, PartialEq, Serialize, Deserialize, Clone)]
-struct Epoch(i64);
+#[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq, PartialOrd, Ord)]
+struct Epoch(u64);
+
+impl Epoch {
+    /// Returns the current epoch time.
+    fn now() -> Epoch {
+        let now = SystemTime::now();
+        // If the system clock is before the unix epoch, just panic.
+        let epoch = now.duration_since(SystemTime::UNIX_EPOCH).unwrap();
+        Epoch(epoch.as_secs())
+    }
+}
 
 /// The serial number of a block fragment.
 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Hashable)]
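Review bot: Changing `Epoch` from `i64` to `u64` while it still derives `Serialize`/`Deserialize` may alter the encoded form of every stored or signed structure that embeds an expiry, if the serialization format in use encodes signed and unsigned integers differently. The format is not visible here, so it is worth confirming that previously issued writecaps still deserialize and verify. Separately, `Epoch::now()` unwraps `duration_since`, so a node whose clock reads before 1970 panics inside writecap verification instead of rejecting. If the panic is intended, `.expect("system clock is set before the Unix epoch")` makes the abort self-explaining, and returning a `Result` would let the caller fail closed. A fallback such as `unwrap_or_default()` should be avoided, because an `Epoch(0)` value for "now" would make every writecap look unexpired.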