Present azp in token

This commit is contained in:
LittleSheep 2024-07-28 19:50:49 +08:00
parent ebbfd7450c
commit 94aed49092
3 changed files with 19 additions and 9 deletions

.idea/workspace.xml generated

@ -4,9 +4,7 @@
<option name="autoReloadType" value="ALL" /> <option name="autoReloadType" value="ALL" />
</component> </component>
<component name="ChangeListManager"> <component name="ChangeListManager">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups"> <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" /> <option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" /> <option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" /> <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />


@ -11,6 +11,7 @@ import (
type PayloadClaims struct { type PayloadClaims struct {
jwt.RegisteredClaims jwt.RegisteredClaims
AuthorizedParties string `json:"azp,omitempty"`
SessionID string `json:"sed"` SessionID string `json:"sed"`
Type string `json:"typ"` Type string `json:"typ"`
} }
@ -21,8 +22,16 @@ const (
) )
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) { func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
var azp string
for _, item := range aud {
if item != InternalTokenAudience {
azp = item
break
}
}
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{ tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Subject: sub, Subject: sub,
Audience: aud, Audience: aud,
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")), Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
@ -31,8 +40,9 @@ func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (st
IssuedAt: jwt.NewNumericDate(time.Now()), IssuedAt: jwt.NewNumericDate(time.Now()),
ID: id, ID: id,
}, },
sed, AuthorizedParties: azp,
typ, SessionID: sed,
Type: typ,
}) })
return tk.SignedString([]byte(viper.GetString("secret"))) return tk.SignedString([]byte(viper.GetString("secret")))
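Review bot: The azp selection loop picks whichever non-internal entry happens to come first in the caller-supplied `aud` slice, so with more than one external audience the claim is order-dependent and the other audiences are silently dropped; since `azp` is a single StringOrURI in OIDC that is a defensible rule, but it should be stated, and the field name should match: `AuthorizedParty string `json:"azp,omitempty"`` rather than the plural `AuthorizedParties`, with a comment such as `// azp: first audience that is not InternalTokenAudience; omitted for passport-only tokens` above the loop. Whether a verifier later checks that `azp` is also present in `aud` cannot be seen from this hunk — if nothing does, a consumer should not treat `azp` as more trustworthy than `aud`. EncodeJwt's closing brace lies outside the hunk.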


@ -11,6 +11,8 @@ import (
"github.com/samber/lo" "github.com/samber/lo"
) )
const InternalTokenAudience = "passport"
func DetectRisk(user models.Account, ip, ua string) bool { func DetectRisk(user models.Account, ip, ua string) bool {
var clue int64 var clue int64
if err := database.C. if err := database.C.
@ -41,7 +43,7 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
ticket = models.AuthTicket{ ticket = models.AuthTicket{
Claims: []string{"*"}, Claims: []string{"*"},
Audiences: []string{"passport"}, Audiences: []string{InternalTokenAudience},
IpAddress: ip, IpAddress: ip,
UserAgent: ua, UserAgent: ua,
RequireMFA: requireMFA, RequireMFA: requireMFA,
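Review bot: The new exported constant `InternalTokenAudience` has no doc comment, and since EncodeJwt now keys its azp derivation on this exact string, the value's meaning is a contract other code depends on; add `// InternalTokenAudience is the aud value reserved for first-party (passport) tokens; EncodeJwt skips it when deriving the azp claim.` above the declaration. If any other literal "passport" audience remains elsewhere in the package it should be migrated to the constant as well, which this page cannot confirm. DetectRisk and NewTicket both continue outside their hunks.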