diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 3aba627..13a2246 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -10,6 +10,7 @@ import (
 "net/http"
 "net/url"
 "strings"
+ "time"
 )
 var (
@@ -32,6 +33,11 @@ type Auth interface {
 // 包含 X-Policy, 则此请求会被认定为上传请求,只会对URI部分和
 // Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
 func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request {
+ // 处理有效期
+ if expires > 0 {
+ expires += time.Now().Unix()
+ }
+
 // 生成签名
 sign := instance.Sign(getSignContent(r), expires)
@@ -73,6 +79,11 @@ func getSignContent(r *http.Request) (rawSignString string) {
 // SignURI 对URI进行签名,签名只针对Path部分,query部分不做验证
 func SignURI(instance Auth, uri string, expires int64) (*url.URL, error) {
+ // 处理有效期
+ if expires != 0 {
+ expires += time.Now().Unix()
+ }
+
 base, err := url.Parse(uri)
 if err != nil {
 return nil, err
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
index 0aecf38..44fba71 100644
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@@ -7,7 +7,6 @@ import (
 "net/http"
 "strings"
 "testing"
- "time"
 )
 func TestSignURI(t *testing.T) {
@@ -37,14 +36,14 @@ func TestCheckURI(t *testing.T) {
 // 成功
 {
- sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()+10)
+ sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", 10)
 asserts.NoError(err)
 asserts.NoError(CheckURI(General, sign))
 }
 // 过期
 {
- sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()-1)
+ sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", -1)
 asserts.NoError(err)
 asserts.Error(CheckURI(General, sign))
 }
diff --git a/pkg/filesystem/local/handler.go b/pkg/filesystem/local/handler.go
index 96219e1..426ef9a 100644
--- a/pkg/filesystem/local/handler.go
+++ b/pkg/filesystem/local/handler.go
@@ -16,7 +16,6 @@ import (
 "net/url"
 "os"
 "path/filepath"
- "time"
 )
 // Handler 本地策略适配器
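Review bot: The new guard in SignRequest is `if expires > 0`, while the SignURI hunk later in this file uses `if expires != 0`, so the two signers treat a negative value differently: SignURI turns it into a timestamp in the past, SignRequest hands the raw negative number to `instance.Sign`. How the verifier treats a negative expiry is not visible in this diff, so the request path may not fail closed the way TestCheckURI shows for URIs. Use one rule in both places, for example `if expires != 0 { expires += time.Now().Unix() }`, and say in the doc comment what 0 and negative values mean. SignRequest's body continues outside the hunk.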
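Review bot: `expires` changes meaning from an absolute Unix timestamp to a number of seconds from now, but the parameter name, type and doc comment of SignURI (and of SignRequest above) stay the same. Any caller not touched by this commit that still passes `time.Now().Unix()+ttl` keeps compiling and would get an expiry of roughly twice the current epoch, which is in effect a signature that does not expire. Rename the parameter to `ttl` in both functions and add a line such as `// ttl is the validity period in seconds, counted from now; 0 is passed to Sign unchanged.` to the doc comment, then check the remaining call sites. SignURI's body continues outside the hunk.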
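Review bot: TestCheckURI only exercises `10` and `-1`, so the boundary the new code treats specially, `expires == 0`, has no test, and neither does the `expires > 0` guard in SignRequest. A case like `sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", 0)` followed by the assertion that matches the intended meaning of 0 would pin that behaviour; what CheckURI does with 0 is not visible here. The "过期" case also now depends on negative values being shifted by the current time, which is worth stating in a comment.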
@@ -124,11 +123,6 @@ func (handler Handler) Source(
 return "", errors.New("无法获取文件记录上下文")
 }
- var expires int64
- if ttl > 0 {
- expires = time.Now().Unix() + ttl
- }
-
 var (
 signedURI *url.URL
 err error
@@ -145,14 +139,14 @@ func (handler Handler) Source(
 signedURI, err = auth.SignURI(
 auth.General,
 fmt.Sprintf("/api/v3/file/download/%s", downloadSessionID),
- expires,
+ ttl,
 )
 } else {
 // 签名生成文件记录
 signedURI, err = auth.SignURI(
 auth.General,
 fmt.Sprintf("/api/v3/file/get/%d/%s", file.ID, file.Name),
- expires,
+ ttl,
 )
 }
diff --git a/pkg/filesystem/remote/handler.go b/pkg/filesystem/remote/handler.go
index e75a7b2..98f3ee0 100644
--- a/pkg/filesystem/remote/handler.go
+++ b/pkg/filesystem/remote/handler.go
@@ -17,7 +17,6 @@ import (
 "net/http"
 "net/url"
 "strings"
- "time"
 )
 // Handler 远程存储策略适配器
@@ -106,7 +105,7 @@ func (handler Handler) Thumb(ctx context.Context, path string) (*response.Conten
 sourcePath := base64.RawURLEncoding.EncodeToString([]byte(path))
 thumbURL := handler.getAPI("thumb") + "/" + sourcePath
 ttl := model.GetIntSetting("slave_api_timeout", 60)
- signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, time.Now().Unix()+int64(ttl))
+ signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, int64(ttl))
 if err != nil {
 return nil, err
 }
@@ -137,23 +136,19 @@ func (handler Handler) Source(
 }
 var (
- expires int64
 signedURI *url.URL
 controller = "/api/v3/slave/download"
 )
 if !isDownload {
 controller = "/api/v3/slave/source"
 }
- if ttl > 0 {
- expires = time.Now().Unix() + ttl
- }
 // 签名下载地址
 sourcePath := base64.RawURLEncoding.EncodeToString([]byte(file.SourceName))
 signedURI, err = auth.SignURI(
 handler.AuthInstance,
 fmt.Sprintf("%s/%d/%s/%s", controller, speed, sourcePath, file.Name),
- expires,
+ ttl,
 )
 if err != nil {
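Review bot: A negative `ttl` now behaves differently in Source: the removed guard `if ttl > 0` left `expires` at 0 for it, whereas `ttl` is now passed straight to auth.SignURI, whose `expires != 0` check turns it into a time in the past. The same applies to Source in pkg/filesystem/remote/handler.go. Rejecting a link that was requested with a negative lifetime is the safer outcome, but it is a behaviour change that the callers of Source cannot see; a comment at the call such as `// ttl is relative: 0 is passed through as-is, a negative value yields an already expired signature` would record it. Source starts and ends outside the hunk.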
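Review bot: In Thumb, a `slave_api_timeout` setting of 0 used to give `time.Now().Unix()+0`, a signature that expires at once, and now gives `expires == 0`, which SignURI leaves untouched. The guards removed from the Source functions suggest that 0 is the value for "no expiry", so a setting configured as 0 would produce a thumbnail URL whose signature stays valid indefinitely; the verifier is not in this diff, so this should be confirmed. The same shift applies to `TTL` in Token and to `options.signTTL` in pkg/request/request.go, where SignRequest's `expires > 0` guard also lets 0 through. Where an expiry is required, check the value before signing, for example `if ttl <= 0 { ttl = 60 }` in Thumb. Thumb's body continues outside the hunk.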
@@ -191,7 +186,7 @@ func (handler Handler) Token(ctx context.Context, TTL int64, key string) (serial
 uploadRequest.Header = map[string][]string{
 "X-Policy": {policyEncoded},
 }
- auth.SignRequest(handler.AuthInstance, uploadRequest, time.Now().Unix()+TTL)
+ auth.SignRequest(handler.AuthInstance, uploadRequest, TTL)
 if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 {
 return serializer.UploadCredential{
diff --git a/pkg/request/request.go b/pkg/request/request.go
index 2ed0bd8..f0949a8 100644
--- a/pkg/request/request.go
+++ b/pkg/request/request.go
@@ -95,7 +95,7 @@ func (c HTTPClient) Request(method, target string, body io.Reader, opts ...Optio
 // 签名请求
 if options.sign != nil {
- auth.SignRequest(options.sign, req, time.Now().Unix()+options.signTTL)
+ auth.SignRequest(options.sign, req, options.signTTL)
 }
 // 发送请求