✨ Present azp in token
parent
ebbfd7450c
commit
94aed49092
@ -4,9 +4,7 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Fix permissions in groups" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
|
||||||
</list>
|
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||||
|
@ -11,6 +11,7 @@ import (
|
|||||||
type PayloadClaims struct {
|
type PayloadClaims struct {
|
||||||
jwt.RegisteredClaims
|
jwt.RegisteredClaims
|
||||||
|
|
||||||
|
AuthorizedParties string `json:"azp,omitempty"`
|
||||||
SessionID string `json:"sed"`
|
SessionID string `json:"sed"`
|
||||||
Type string `json:"typ"`
|
Type string `json:"typ"`
|
||||||
}
|
}
|
||||||
@ -21,8 +22,16 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
|
func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (string, error) {
|
||||||
|
var azp string
|
||||||
|
for _, item := range aud {
|
||||||
|
if item != InternalTokenAudience {
|
||||||
|
azp = item
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
|
tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
|
||||||
jwt.RegisteredClaims{
|
RegisteredClaims: jwt.RegisteredClaims{
|
||||||
Subject: sub,
|
Subject: sub,
|
||||||
Audience: aud,
|
Audience: aud,
|
||||||
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
|
Issuer: fmt.Sprintf("https://%s", viper.GetString("domain")),
|
||||||
@ -31,8 +40,9 @@ func EncodeJwt(id string, typ, sub, sed string, aud []string, exp time.Time) (st
|
|||||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||||
ID: id,
|
ID: id,
|
||||||
},
|
},
|
||||||
sed,
|
AuthorizedParties: azp,
|
||||||
typ,
|
SessionID: sed,
|
||||||
|
Type: typ,
|
||||||
})
|
})
|
||||||
|
|
||||||
return tk.SignedString([]byte(viper.GetString("secret")))
|
return tk.SignedString([]byte(viper.GetString("secret")))
|
||||||
|
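Review bot: The azp derivation in EncodeJwt silently records only the first audience that differs from InternalTokenAudience, so a ticket issued to several external audiences gets an azp naming just one of them, and an aud list holding only the internal audience yields no azp at all; nothing in the hunk states that rule for the services that will read the claim. A comment above the loop would make the contract explicit: `// azp: the first non-internal audience, if any; with several external audiences only the first is recorded.` The exported field is also named AuthorizedParties although azp is the singular "authorized party" (the party the token was issued to), so `AuthorizedParty string \`json:"azp,omitempty"\`` would match the claim's meaning, at the cost of updating any readers of the field outside this hunk. The remaining RegisteredClaims (ExpiresAt and friends) and the HS512 signing with the viper-configured secret sit partly outside these hunks and are unchanged by the commit.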
@ -11,6 +11,8 @@ import (
|
|||||||
"github.com/samber/lo"
|
"github.com/samber/lo"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const InternalTokenAudience = "passport"
|
||||||
|
|
||||||
func DetectRisk(user models.Account, ip, ua string) bool {
|
func DetectRisk(user models.Account, ip, ua string) bool {
|
||||||
var clue int64
|
var clue int64
|
||||||
if err := database.C.
|
if err := database.C.
|
||||||
@ -41,7 +43,7 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
|
|||||||
|
|
||||||
ticket = models.AuthTicket{
|
ticket = models.AuthTicket{
|
||||||
Claims: []string{"*"},
|
Claims: []string{"*"},
|
||||||
Audiences: []string{"passport"},
|
Audiences: []string{InternalTokenAudience},
|
||||||
IpAddress: ip,
|
IpAddress: ip,
|
||||||
UserAgent: ua,
|
UserAgent: ua,
|
||||||
RequireMFA: requireMFA,
|
RequireMFA: requireMFA,
|
||||||
|
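Review bot: The new exported constant InternalTokenAudience has no doc comment, yet its value now decides which audience EncodeJwt treats as first-party when deriving azp, so its meaning belongs next to its definition: `// InternalTokenAudience is the aud value reserved for first-party (passport) tokens; EncodeJwt skips it when picking azp.` Replacing the literal in NewTicket is the right move, but any other site that still compares against the bare string "passport" (token validation, middleware) would silently diverge if the constant ever changes, which this hunk cannot show and is worth a grep. NewTicket's body begins before and continues after the hunk.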