Present azp in token

This commit is contained in:
LittleSheep 2024-07-28 19:50:49 +08:00
parent ebbfd7450c
commit 94aed49092
3 changed files with 19 additions and 9 deletions

.idea/workspace.xml generated

@ -4,9 +4,7 @@
<option name="autoReloadType" value="ALL" />
</component>
<component name="ChangeListManager">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups">
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
</list>
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups" />
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />


@ -11,8 +11,9 @@ import (
type PayloadClaims struct {
jwt.RegisteredClaims
SessionID string `json:"sed"`
Type string `json:"typ"`
AuthorizedParties string `json:"azp,omitempty"`
SessionID string `json:"sed"`
Type string `json:"typ"`
}
const (
@ -21,8 +22,16 @@ const (
)
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
var azp string
for _, item := range aud {
if item != InternalTokenAudience {
azp = item
break
}
}
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
jwt.RegisteredClaims{
RegisteredClaims: jwt.RegisteredClaims{
Subject: sub,
Audience: aud,
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
@ -31,8 +40,9 @@ func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (st
IssuedAt: jwt.NewNumericDate(time.Now()),
ID: id,
},
sed,
typ,
AuthorizedParties: azp,
SessionID: sed,
Type: typ,
})
return tk.SignedString([]byte(viper.GetString("secret")))
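Review bot: The azp loop (`var azp string` through the closing `}` of the `for`) records only the first audience that is not InternalTokenAudience, so a token issued with several third-party audiences silently drops the rest, and that contract is not documented anywhere in the hunk. The field name `AuthorizedParties` in the struct hunk above also suggests a list while the `azp` claim holds a single string (OpenID Connect defines azp as one authorized party). I would add a comment above the loop such as `// azp is the first non-internal audience; it stays empty (and is omitted) for passport-only tokens, and any further third-party audiences are not reflected in the claim.` and consider a singular name for the field. Verifiers should note that azp here is derived from the caller-supplied aud rather than from an independently authenticated client identity, so checking azp adds no assurance beyond checking aud. EncodeJwt's closing brace lies outside the hunk.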


@ -11,6 +11,8 @@ import (
"github.com/samber/lo"
)
const InternalTokenAudience = "passport"
func DetectRisk(user models.Account, ip, ua string) bool {
var clue int64
if err := database.C.
@ -41,7 +43,7 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
ticket = models.AuthTicket{
Claims: []string{"*"},
Audiences: []string{"passport"},
Audiences: []string{InternalTokenAudience},
IpAddress: ip,
UserAgent: ua,
RequireMFA: requireMFA,