✨ Present azp in token
This commit is contained in:
parent
ebbfd7450c
commit
94aed49092
4
.idea/workspace.xml
generated
4
.idea/workspace.xml
generated
@ -4,9 +4,7 @@
|
||||
<option name="autoReloadType" value="ALL" />
|
||||
</component>
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups">
|
||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||
</list>
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups" />
|
||||
<option name="SHOW_DIALOG" value="false" />
|
||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||
|
@ -11,8 +11,9 @@ import (
|
||||
type PayloadClaims struct {
|
||||
jwt.RegisteredClaims
|
||||
|
||||
SessionID string `json:"sed"`
|
||||
Type string `json:"typ"`
|
||||
AuthorizedParties string `json:"azp,omitempty"`
|
||||
SessionID string `json:"sed"`
|
||||
Type string `json:"typ"`
|
||||
}
|
||||
|
||||
const (
|
||||
@ -21,8 +22,16 @@ const (
|
||||
)
|
||||
|
||||
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
|
||||
var azp string
|
||||
for _, item := range aud {
|
||||
if item != InternalTokenAudience {
|
||||
azp = item
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
|
||||
jwt.RegisteredClaims{
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Subject: sub,
|
||||
Audience: aud,
|
||||
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
|
||||
@ -31,8 +40,9 @@ func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (st
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
ID: id,
|
||||
},
|
||||
sed,
|
||||
typ,
|
||||
AuthorizedParties: azp,
|
||||
SessionID: sed,
|
||||
Type: typ,
|
||||
})
|
||||
|
||||
return tk.SignedString([]byte(viper.GetString("secret")))
|
||||
|
@ -11,6 +11,8 @@ import (
|
||||
"github.com/samber/lo"
|
||||
)
|
||||
|
||||
const InternalTokenAudience = "passport"
|
||||
|
||||
func DetectRisk(user models.Account, ip, ua string) bool {
|
||||
var clue int64
|
||||
if err := database.C.
|
||||
@ -41,7 +43,7 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
|
||||
|
||||
ticket = models.AuthTicket{
|
||||
Claims: []string{"*"},
|
||||
Audiences: []string{"passport"},
|
||||
Audiences: []string{InternalTokenAudience},
|
||||
IpAddress: ip,
|
||||
UserAgent: ua,
|
||||
RequireMFA: requireMFA,
|
||||
|
Loading…
Reference in New Issue
Block a user