修改认证中心对接方式

2026-06-04 12:02:53 +08:00
parent fb0229ba06
commit ce358df201
13 changed files with 195 additions and 24 deletions


@@ -143,12 +143,14 @@ function validateClaims(claims: AuthTokenClaims, config: AuthRuntimeConfig) {
if (iat && iat > now + skew) throw new JwtVerificationError("JWT issued-at is in the future.");
if (claims.iss !== config.issuer) throw new JwtVerificationError("JWT issuer is not trusted.");
const clientId = stringClaim(claims.client_id) || stringClaim(claims.clientId);
if (clientId !== config.clientId) throw new JwtVerificationError("JWT client id is not allowed.");
if (clientId && clientId !== config.clientId) throw new JwtVerificationError("JWT client id is not allowed.");
const requiredScopes = config.scope.split(/\s+/).filter(Boolean);
if (requiredScopes.length) {
const tokenScopes = new Set(stringListClaim(claims.scope));
for (const scope of requiredScopes) {
if (!tokenScopes.has(scope)) throw new JwtVerificationError("JWT scope is not allowed.");
if (tokenScopes.size > 0) {
for (const scope of requiredScopes) {
if (!tokenScopes.has(scope)) throw new JwtVerificationError("JWT scope is not allowed.");
}
}
}
}
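Review bot: Both relaxed guards in `validateClaims` fail open: with `if (clientId && clientId !== config.clientId)` a token that omits `client_id`/`clientId` skips the client binding, and with `if (tokenScopes.size > 0)` a token that carries no `scope` claim skips the required-scope check, even when `config.scope` is non-empty. A token from the trusted issuer that was minted for another client, or with no granted scopes, would therefore be accepted unless something outside this hunk (for example an audience check earlier in the function, which starts above the hunk) still ties it to this service. If the auth center really omits these claims, make the relaxation an explicit opt-in rather than the default, e.g. `if (clientId ? clientId !== config.clientId : !config.allowMissingClientId) throw new JwtVerificationError("JWT client id is not allowed.");` where `allowMissingClientId` is a proposed new `AuthRuntimeConfig` field, with the same pattern for the empty scope set. I would also add a comment such as `// Auth center tokens may omit client_id/scope; absence is accepted only when explicitly enabled in config.` so the weaker check is visibly intentional.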