github-actions[bot]
commited on
Commit
·
514d678
1
Parent(s):
68229cc
Update from GitHub Actions
- functions/api/login.ts +0 -4
- functions/types.d.ts +0 -1
- functions/utils/auth.ts +0 -13
- functions/utils/jwt.ts +78 -75
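--- a/functions/api/login.ts
+++ b/functions/api/login.ts
@@ -10,10 +10,6 @@ export const onRequest = async (context: RouteContext): Promise<Response> => {
 if (credentials.username === env.USER_NAME && credentials.password === env.PASSWORD) {
 // 生成JWT令牌
 let token = await generateToken(credentials.username, env.JWT_SECRET);
-if(env.HF_TOKEN)
-{
-token = env.HF_TOKEN;
-}
 return new Response(
 JSON.stringify({
 success: true,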
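--- a/functions/types.d.ts
+++ b/functions/types.d.ts
@@ -10,7 +10,6 @@ interface Env {
 JWT_SECRET: string; // JWT 密钥
 USER_NAME: string; // 用户名
 PASSWORD: string; // 密码
-HF_TOKEN: string; //抱脸改了规则
 ENTRA_CLIENT_ID: string;
 ENTRA_CLIENT_SECRET: string;
 AUTH_REDIRECT_URI: string;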
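--- a/functions/utils/auth.ts
+++ b/functions/utils/auth.ts
@@ -8,20 +8,7 @@ import { verifyToken } from './jwt.js';
 * @returns 如果认证失败返回错误响应,否则返回 null
 */
 export async function authMiddleware(request: Request, env: Env): Promise<Response | null> {
-console.log(request.headers);
 let isValid = await verifyToken(request, env.JWT_SECRET);
-if (env.HF_TOKEN) {
-const authHeader = request.headers.get('Authorization');
-if (!authHeader?.startsWith('Bearer ')) {
-isValid = false;
-}
-else {
-const token = authHeader.split(' ')[1];
-if (token == env.HF_TOKEN) {
-isValid = true;
-}
-}
-}
 if (!isValid) {
 return new Response(
 JSON.stringify({ error: 'Unauthorized' }),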
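--- a/functions/utils/jwt.ts
+++ b/functions/utils/jwt.ts
@@ -5,83 +5,86 @@
 * @returns 生成的 token 字符串
 */
 export async function generateToken(username: string, secret: string): Promise<string> {
-
-
-
-
-
-
-
-
-
-
-
-
-
+// JWT 头部信息
+const header = { alg: 'HS256', typ: 'JWT' };
+// JWT 载荷信息
+const payload = {
+sub: username,
+exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60), //30天后过期
+iat: Math.floor(Date.now() / 1000) // 签发时间
+};
+
+const encodedHeader = btoa(JSON.stringify(header));
+const encodedPayload = btoa(JSON.stringify(payload));
+const signature = await createHmacSignature(
+`${encodedHeader}.${encodedPayload}`,
+secret
+);
+
+return `${encodedHeader}.${encodedPayload}.${signature}`;
+}
+
+/**
+* 验证 JWT token
+* @param request 请求对象
+* @param secret 密钥
+* @returns 验证是否通过
+*/
+export async function verifyToken(request: Request, secret: string): Promise<boolean> {
+let authHeader = request.headers.get('Authorization');
+if (!authHeader) {
+authHeader = request.headers.get('x-app-token');
+}
+if (!authHeader?.startsWith('Bearer ')) {
+return false;
+}
+
+const token = authHeader.split(' ')[1];
+try {
+const [headerB64, payloadB64, signatureB64] = token.split('.');
+const expectedSignature = await createHmacSignature(
+`${headerB64}.${payloadB64}`,
 secret
 );
-
-
-}
-
-/**
-* 验证 JWT token
-* @param request 请求对象
-* @param secret 密钥
-* @returns 验证是否通过
-*/
-export async function verifyToken(request: Request, secret: string): Promise<boolean> {
-const authHeader = request.headers.get('Authorization');
-if (!authHeader?.startsWith('Bearer ')) {
-return false;
-}
-
-const token = authHeader.split(' ')[1];
-try {
-const [headerB64, payloadB64, signatureB64] = token.split('.');
-const expectedSignature = await createHmacSignature(
-`${headerB64}.${payloadB64}`,
-secret
-);
-
-if (signatureB64 !== expectedSignature) {
-return false;
-}
-
-const payload = JSON.parse(atob(payloadB64));
-const now = Math.floor(Date.now() / 1000);
-
-return payload.exp > now;
-} catch (error) {
-console.error('Token verification failed:', error);
+
+if (signatureB64 !== expectedSignature) {
 return false;
 }
+
+const payload = JSON.parse(atob(payloadB64));
+const now = Math.floor(Date.now() / 1000);
+
+return payload.exp > now;
+} catch (error) {
+console.error('Token verification failed:', error);
+return false;
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+}
+
+/**
+* 创建 HMAC 签名
+* @param message 需要签名的消息
+* @param secret 密钥
+* @returns 签名字符串
+*/
+async function createHmacSignature(message: string, secret: string): Promise<string> {
+const encoder = new TextEncoder();
+const keyData = encoder.encode(secret);
+const messageData = encoder.encode(message);
+
+const cryptoKey = await crypto.subtle.importKey(
+'raw',
+keyData,
+{ name: 'HMAC', hash: 'SHA-256' },
+false,
+['sign']
+);
+
+const signature = await crypto.subtle.sign(
+'HMAC',
+cryptoKey,
+messageData
+);
+
+return btoa(String.fromCharCode(...new Uint8Array(signature)));
+}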
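Review bot: In verifyToken the check `if (signatureB64 !== expectedSignature)` compares the HMAC as plain strings, which is not guaranteed to run in constant time; the comparison is better left to Web Crypto via `crypto.subtle.verify` on a key imported with the `'verify'` usage, as sketched below. The destructuring of `token.split('.')` also never checks that all three parts are present before they are used. Separately, the new fallback to the `x-app-token` header is not mentioned in verifyToken's doc comment. generateToken encodes with `btoa`, which is standard base64 rather than the base64url encoding JWT specifies and throws for a `username` with characters outside Latin-1; both points deserve a comment or a follow-up.

```typescript
// … unchanged: header lookup, 'Bearer ' check, token extraction …
const [headerB64, payloadB64, signatureB64] = token.split('.');
if (!headerB64 || !payloadB64 || !signatureB64) {
  return false;
}
const signatureOk = await verifyHmacSignature(
  `${headerB64}.${payloadB64}`,
  signatureB64,
  secret
);
if (!signatureOk) {
  return false;
}
// … unchanged: payload parsing and exp check …

async function verifyHmacSignature(message: string, signatureB64: string, secret: string): Promise<boolean> {
  const encoder = new TextEncoder();
  const cryptoKey = await crypto.subtle.importKey(
    'raw',
    encoder.encode(secret),
    { name: 'HMAC', hash: 'SHA-256' },
    false,
    ['verify']
  );
  // atob throws on malformed base64; verifyToken's existing try/catch maps that to false
  const signatureBytes = Uint8Array.from(atob(signatureB64), (ch) => ch.charCodeAt(0));
  return crypto.subtle.verify('HMAC', cryptoKey, signatureBytes, encoder.encode(message));
}
```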