github-actions[bot] commited on
Commit
514d678
·
1 Parent(s): 68229cc

Update from GitHub Actions

Browse files
functions/api/login.ts CHANGED
@@ -10,10 +10,6 @@ export const onRequest = async (context: RouteContext): Promise<Response> => {
10
  if (credentials.username === env.USER_NAME && credentials.password === env.PASSWORD) {
11
  // 生成JWT令牌
12
  let token = await generateToken(credentials.username, env.JWT_SECRET);
13
- if(env.HF_TOKEN)
14
- {
15
- token = env.HF_TOKEN;
16
- }
17
  return new Response(
18
  JSON.stringify({
19
  success: true,
 
10
  if (credentials.username === env.USER_NAME && credentials.password === env.PASSWORD) {
11
  // 生成JWT令牌
12
  let token = await generateToken(credentials.username, env.JWT_SECRET);
 
 
 
 
13
  return new Response(
14
  JSON.stringify({
15
  success: true,
functions/types.d.ts CHANGED
@@ -10,7 +10,6 @@ interface Env {
10
  JWT_SECRET: string; // JWT 密钥
11
  USER_NAME: string; // 用户名
12
  PASSWORD: string; // 密码
13
- HF_TOKEN: string; //抱脸改了规则
14
  ENTRA_CLIENT_ID: string;
15
  ENTRA_CLIENT_SECRET: string;
16
  AUTH_REDIRECT_URI: string;
 
10
  JWT_SECRET: string; // JWT 密钥
11
  USER_NAME: string; // 用户名
12
  PASSWORD: string; // 密码
 
13
  ENTRA_CLIENT_ID: string;
14
  ENTRA_CLIENT_SECRET: string;
15
  AUTH_REDIRECT_URI: string;
functions/utils/auth.ts CHANGED
@@ -8,20 +8,7 @@ import { verifyToken } from './jwt.js';
8
  * @returns 如果认证失败返回错误响应,否则返回 null
9
  */
10
  export async function authMiddleware(request: Request, env: Env): Promise<Response | null> {
11
- console.log(request.headers);
12
  let isValid = await verifyToken(request, env.JWT_SECRET);
13
- if (env.HF_TOKEN) {
14
- const authHeader = request.headers.get('Authorization');
15
- if (!authHeader?.startsWith('Bearer ')) {
16
- isValid = false;
17
- }
18
- else {
19
- const token = authHeader.split(' ')[1];
20
- if (token == env.HF_TOKEN) {
21
- isValid = true;
22
- }
23
- }
24
- }
25
  if (!isValid) {
26
  return new Response(
27
  JSON.stringify({ error: 'Unauthorized' }),
 
8
  * @returns 如果认证失败返回错误响应,否则返回 null
9
  */
10
  export async function authMiddleware(request: Request, env: Env): Promise<Response | null> {
 
11
  let isValid = await verifyToken(request, env.JWT_SECRET);
 
 
 
 
 
 
 
 
 
 
 
 
12
  if (!isValid) {
13
  return new Response(
14
  JSON.stringify({ error: 'Unauthorized' }),
functions/utils/jwt.ts CHANGED
@@ -5,83 +5,86 @@
5
  * @returns 生成的 token 字符串
6
  */
7
  export async function generateToken(username: string, secret: string): Promise<string> {
8
- // JWT 头部信息
9
- const header = { alg: 'HS256', typ: 'JWT' };
10
- // JWT 载荷信息
11
- const payload = {
12
- sub: username,
13
- exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60), //30天后过期
14
- iat: Math.floor(Date.now() / 1000) // 签发时间
15
- };
16
-
17
- const encodedHeader = btoa(JSON.stringify(header));
18
- const encodedPayload = btoa(JSON.stringify(payload));
19
- const signature = await createHmacSignature(
20
- `${encodedHeader}.${encodedPayload}`,
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
21
  secret
22
  );
23
-
24
- return `${encodedHeader}.${encodedPayload}.${signature}`;
25
- }
26
-
27
- /**
28
- * 验证 JWT token
29
- * @param request 请求对象
30
- * @param secret 密钥
31
- * @returns 验证是否通过
32
- */
33
- export async function verifyToken(request: Request, secret: string): Promise<boolean> {
34
- const authHeader = request.headers.get('Authorization');
35
- if (!authHeader?.startsWith('Bearer ')) {
36
- return false;
37
- }
38
-
39
- const token = authHeader.split(' ')[1];
40
- try {
41
- const [headerB64, payloadB64, signatureB64] = token.split('.');
42
- const expectedSignature = await createHmacSignature(
43
- `${headerB64}.${payloadB64}`,
44
- secret
45
- );
46
-
47
- if (signatureB64 !== expectedSignature) {
48
- return false;
49
- }
50
-
51
- const payload = JSON.parse(atob(payloadB64));
52
- const now = Math.floor(Date.now() / 1000);
53
-
54
- return payload.exp > now;
55
- } catch (error) {
56
- console.error('Token verification failed:', error);
57
  return false;
58
  }
 
 
 
 
 
 
 
 
59
  }
60
-
61
- /**
62
- * 创建 HMAC 签名
63
- * @param message 需要签名的消息
64
- * @param secret 密钥
65
- * @returns 签名字符串
66
- */
67
- async function createHmacSignature(message: string, secret: string): Promise<string> {
68
- const encoder = new TextEncoder();
69
- const keyData = encoder.encode(secret);
70
- const messageData = encoder.encode(message);
71
-
72
- const cryptoKey = await crypto.subtle.importKey(
73
- 'raw',
74
- keyData,
75
- { name: 'HMAC', hash: 'SHA-256' },
76
- false,
77
- ['sign']
78
- );
79
-
80
- const signature = await crypto.subtle.sign(
81
- 'HMAC',
82
- cryptoKey,
83
- messageData
84
- );
85
-
86
- return btoa(String.fromCharCode(...new Uint8Array(signature)));
87
- }
 
 
5
  * @returns 生成的 token 字符串
6
  */
7
  export async function generateToken(username: string, secret: string): Promise<string> {
8
+ // JWT 头部信息
9
+ const header = { alg: 'HS256', typ: 'JWT' };
10
+ // JWT 载荷信息
11
+ const payload = {
12
+ sub: username,
13
+ exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60), //30天后过期
14
+ iat: Math.floor(Date.now() / 1000) // 签发时间
15
+ };
16
+
17
+ const encodedHeader = btoa(JSON.stringify(header));
18
+ const encodedPayload = btoa(JSON.stringify(payload));
19
+ const signature = await createHmacSignature(
20
+ `${encodedHeader}.${encodedPayload}`,
21
+ secret
22
+ );
23
+
24
+ return `${encodedHeader}.${encodedPayload}.${signature}`;
25
+ }
26
+
27
+ /**
28
+ * 验证 JWT token
29
+ * @param request 请求对象
30
+ * @param secret 密钥
31
+ * @returns 验证是否通过
32
+ */
33
+ export async function verifyToken(request: Request, secret: string): Promise<boolean> {
34
+ let authHeader = request.headers.get('Authorization');
35
+ if (!authHeader) {
36
+ authHeader = request.headers.get('x-app-token');
37
+ }
38
+ if (!authHeader?.startsWith('Bearer ')) {
39
+ return false;
40
+ }
41
+
42
+ const token = authHeader.split(' ')[1];
43
+ try {
44
+ const [headerB64, payloadB64, signatureB64] = token.split('.');
45
+ const expectedSignature = await createHmacSignature(
46
+ `${headerB64}.${payloadB64}`,
47
  secret
48
  );
49
+
50
+ if (signatureB64 !== expectedSignature) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
51
  return false;
52
  }
53
+
54
+ const payload = JSON.parse(atob(payloadB64));
55
+ const now = Math.floor(Date.now() / 1000);
56
+
57
+ return payload.exp > now;
58
+ } catch (error) {
59
+ console.error('Token verification failed:', error);
60
+ return false;
61
  }
62
+ }
63
+
64
+ /**
65
+ * 创建 HMAC 签名
66
+ * @param message 需要签名的消息
67
+ * @param secret 密钥
68
+ * @returns 签名字符串
69
+ */
70
+ async function createHmacSignature(message: string, secret: string): Promise<string> {
71
+ const encoder = new TextEncoder();
72
+ const keyData = encoder.encode(secret);
73
+ const messageData = encoder.encode(message);
74
+
75
+ const cryptoKey = await crypto.subtle.importKey(
76
+ 'raw',
77
+ keyData,
78
+ { name: 'HMAC', hash: 'SHA-256' },
79
+ false,
80
+ ['sign']
81
+ );
82
+
83
+ const signature = await crypto.subtle.sign(
84
+ 'HMAC',
85
+ cryptoKey,
86
+ messageData
87
+ );
88
+
89
+ return btoa(String.fromCharCode(...new Uint8Array(signature)));
90
+ }