2 files changed, 10 insertions, 8 deletions

diff --git a/weed/security/guard.go b/weed/security/guard.go
index 84a415253..d8427997e 100644
--- a/weed/security/guard.go
+++ b/weed/security/guard.go
@@ -41,14 +41,15 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
 
 */
 type Guard struct {
-	whiteList  []string
-	SigningKey SigningKey
+	whiteList       []string
+	SigningKey      SigningKey
+	ExpiresAfterSec int
 
 	isActive bool
 }
 
-func NewGuard(whiteList []string, signingKey string) *Guard {
-	g := &Guard{whiteList: whiteList, SigningKey: SigningKey(signingKey)}
+func NewGuard(whiteList []string, signingKey string, expiresAfterSec int) *Guard {
+	g := &Guard{whiteList: whiteList, SigningKey: SigningKey(signingKey), ExpiresAfterSec:expiresAfterSec}
 	g.isActive = len(g.whiteList) != 0 || len(g.SigningKey) != 0
 	return g
 }
diff --git a/weed/security/jwt.go b/weed/security/jwt.go
index 45a77f093..0bd7fa974 100644
--- a/weed/security/jwt.go
+++ b/weed/security/jwt.go
@@ -18,16 +18,17 @@ type SeaweedFileIdClaims struct {
 	jwt.StandardClaims
 }
 
-func GenJwt(signingKey SigningKey, fileId string) EncodedJwt {
+func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
 	if len(signingKey) == 0 {
 		return ""
 	}
 
 	claims := SeaweedFileIdClaims{
 		fileId,
-		jwt.StandardClaims{
-			ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
-		},
+		jwt.StandardClaims{},
+	}
+	if expiresAfterSec > 0 {
+		claims.ExpiresAt = time.Now().Add(time.Second * time.Duration(expiresAfterSec)).Unix()
 	}
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	encoded, e := t.SignedString([]byte(signingKey))