🐛 Fix id token mismatch the userinfo endpoint

2024-01-30 23:07:30 +08:00
parent 39904dc08c
commit ecda5bd59b
2 changed files with 8 additions and 7 deletions
--- a/pkg/security/jwt.go
+++ b/pkg/security/jwt.go
@@ -11,8 +11,8 @@ import (
 type PayloadClaims struct {
 	jwt.RegisteredClaims

-	Type  string `json:"typ"`
-	Value any    `json:"val"`
+	SessionID string `json:"sed"`
+	Type      string `json:"typ"`
 }

 const (
@@ -20,7 +20,7 @@ const (
 	JwtRefreshType = "refresh"
 )

-func EncodeJwt(id string, val any, typ, sub string, aud []string, exp time.Time) (string, error) {
+func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
 	tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
 		jwt.RegisteredClaims{
 			Subject:   sub,
@@ -31,8 +31,8 @@ func EncodeJwt(id string, val any, typ, sub string, aud []string, exp time.Time)
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
 			ID:        id,
 		},
+		sed,
 		typ,
-		val,
 	})

 	return tk.SignedString([]byte(viper.GetString("secret")))
--- a/pkg/security/sessions.go
+++ b/pkg/security/sessions.go
@@ -86,12 +86,13 @@ func GetToken(session models.AuthSession) (string, string, error) {

 	var err error

-	sub := strconv.Itoa(int(session.ID))
-	access, err = EncodeJwt(session.AccessToken, nil, JwtAccessType, sub, session.Audiences, time.Now().Add(30*time.Minute))
+	sub := strconv.Itoa(int(session.AccountID))
+	sed := strconv.Itoa(int(session.ID))
+	access, err = EncodeJwt(session.AccessToken, JwtAccessType, sub, sed, session.Audiences, time.Now().Add(30*time.Minute))
 	if err != nil {
 		return refresh, access, err
 	}
-	refresh, err = EncodeJwt(session.RefreshToken, nil, JwtRefreshType, sub, session.Audiences, time.Now().Add(30*24*time.Hour))
+	refresh, err = EncodeJwt(session.RefreshToken, JwtRefreshType, sub, sed, session.Audiences, time.Now().Add(30*24*time.Hour))
 	if err != nil {
 		return refresh, access, err
 	}