Update from GitHub Actions

functions/api/login.ts

@@ -10,10 +10,6 @@ export const onRequest = async (context: RouteContext): Promise<Response> => {
         if (credentials.username === env.USER_NAME && credentials.password === env.PASSWORD) {
             // 生成JWT令牌
             let token = await generateToken(credentials.username, env.JWT_SECRET);
-            if(env.HF_TOKEN)
-            {
-                token = env.HF_TOKEN;
-            }
             return new Response(
                 JSON.stringify({
                     success: true,

functions/types.d.ts

@@ -10,7 +10,6 @@ interface Env {
   JWT_SECRET: string;   // JWT 密钥
   USER_NAME: string;    // 用户名
   PASSWORD: string;     // 密码
-  HF_TOKEN: string; //抱脸改了规则
   ENTRA_CLIENT_ID: string;
   ENTRA_CLIENT_SECRET: string;
   AUTH_REDIRECT_URI: string;

functions/utils/auth.ts

@@ -8,20 +8,7 @@ import { verifyToken } from './jwt.js';
  * @returns 如果认证失败返回错误响应，否则返回 null
  */
 export async function authMiddleware(request: Request, env: Env): Promise<Response | null> {
-    console.log(request.headers);
     let isValid = await verifyToken(request, env.JWT_SECRET);
-    if (env.HF_TOKEN) {
-        const authHeader = request.headers.get('Authorization');
-        if (!authHeader?.startsWith('Bearer ')) {
-            isValid = false;
-        }
-        else {
-            const token = authHeader.split(' ')[1];
-            if (token == env.HF_TOKEN) {
-                isValid = true;
-            }
-        }
-    }
     if (!isValid) {
         return new Response(
             JSON.stringify({ error: 'Unauthorized' }),

functions/utils/jwt.ts

@@ -5,83 +5,86 @@
  * @returns 生成的 token 字符串
  */
 export async function generateToken(username: string, secret: string): Promise<string> {
-    // JWT 头部信息
-    const header = { alg: 'HS256', typ: 'JWT' };
-    // JWT 载荷信息
-    const payload = {
-      sub: username,
-      exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60), //30天后过期
-      iat: Math.floor(Date.now() / 1000) // 签发时间
-    };
-  
-    const encodedHeader = btoa(JSON.stringify(header));
-    const encodedPayload = btoa(JSON.stringify(payload));
-    const signature = await createHmacSignature(
-      `${encodedHeader}.${encodedPayload}`,
+  // JWT 头部信息
+  const header = { alg: 'HS256', typ: 'JWT' };
+  // JWT 载荷信息
+  const payload = {
+    sub: username,
+    exp: Math.floor(Date.now() / 1000) + (30 * 24 * 60 * 60), //30天后过期
+    iat: Math.floor(Date.now() / 1000) // 签发时间
+  };
+
+  const encodedHeader = btoa(JSON.stringify(header));
+  const encodedPayload = btoa(JSON.stringify(payload));
+  const signature = await createHmacSignature(
+    `${encodedHeader}.${encodedPayload}`,
+    secret
+  );
+
+  return `${encodedHeader}.${encodedPayload}.${signature}`;
+}
+
+/**
+ * 验证 JWT token
+ * @param request 请求对象
+ * @param secret 密钥
+ * @returns 验证是否通过
+ */
+export async function verifyToken(request: Request, secret: string): Promise<boolean> {
+  let authHeader = request.headers.get('Authorization');
+  if (!authHeader) {
+    authHeader = request.headers.get('x-app-token');
+  }
+  if (!authHeader?.startsWith('Bearer ')) {
+    return false;
+  }
+
+  const token = authHeader.split(' ')[1];
+  try {
+    const [headerB64, payloadB64, signatureB64] = token.split('.');
+    const expectedSignature = await createHmacSignature(
+      `${headerB64}.${payloadB64}`,
       secret
     );
-  
-    return `${encodedHeader}.${encodedPayload}.${signature}`;
-  }
-  
-  /**
-   * 验证 JWT token
-   * @param request 请求对象
-   * @param secret 密钥
-   * @returns 验证是否通过
-   */
-  export async function verifyToken(request: Request, secret: string): Promise<boolean> {
-    const authHeader = request.headers.get('Authorization');
-    if (!authHeader?.startsWith('Bearer ')) {
-      return false;
-    }
-  
-    const token = authHeader.split(' ')[1];
-    try {
-      const [headerB64, payloadB64, signatureB64] = token.split('.');
-      const expectedSignature = await createHmacSignature(
-        `${headerB64}.${payloadB64}`,
-        secret
-      );
-  
-      if (signatureB64 !== expectedSignature) {
-        return false;
-      }
-  
-      const payload = JSON.parse(atob(payloadB64));
-      const now = Math.floor(Date.now() / 1000);
-  
-      return payload.exp > now;
-    } catch (error) {
-      console.error('Token verification failed:', error);
+
+    if (signatureB64 !== expectedSignature) {
       return false;
     }
+
+    const payload = JSON.parse(atob(payloadB64));
+    const now = Math.floor(Date.now() / 1000);
+
+    return payload.exp > now;
+  } catch (error) {
+    console.error('Token verification failed:', error);
+    return false;
   }
-  
-  /**
-   * 创建 HMAC 签名
-   * @param message 需要签名的消息
-   * @param secret 密钥
-   * @returns 签名字符串
-   */
-  async function createHmacSignature(message: string, secret: string): Promise<string> {
-    const encoder = new TextEncoder();
-    const keyData = encoder.encode(secret);
-    const messageData = encoder.encode(message);
-  
-    const cryptoKey = await crypto.subtle.importKey(
-      'raw',
-      keyData,
-      { name: 'HMAC', hash: 'SHA-256' },
-      false,
-      ['sign']
-    );
-  
-    const signature = await crypto.subtle.sign(
-      'HMAC',
-      cryptoKey,
-      messageData
-    );
-  
-    return btoa(String.fromCharCode(...new Uint8Array(signature)));
-  }
+}
+
+/**
+ * 创建 HMAC 签名
+ * @param message 需要签名的消息
+ * @param secret 密钥
+ * @returns 签名字符串
+ */
+async function createHmacSignature(message: string, secret: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const keyData = encoder.encode(secret);
+  const messageData = encoder.encode(message);
+
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw',
+    keyData,
+    { name: 'HMAC', hash: 'SHA-256' },
+    false,
+    ['sign']
+  );
+
+  const signature = await crypto.subtle.sign(
+    'HMAC',
+    cryptoKey,
+    messageData
+  );
+
+  return btoa(String.fromCharCode(...new Uint8Array(signature)));
+}