Fix authentication for regular users by validating JWT tokens

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-11-10 18:10:16 +00:00
parent bf9be821ba
commit 6aefc61be6
2 changed files with 43 additions and 14 deletions


@ -88,6 +88,13 @@ export default ({ app }: { app: Application }) => {
return next(); return next();
} }
// If JWT has been successfully verified by expressjwt middleware, allow the request
// This handles regular users whose tokens are not stored in authInfo
if (req.auth) {
return next();
}
// For system admin, also check against stored token
const authInfo = await shareStore.getAuthInfo(); const authInfo = await shareStore.getAuthInfo();
if (authInfo && headerToken) { if (authInfo && headerToken) {
const { token = '', tokens = {} } = authInfo; const { token = '', tokens = {} } = authInfo;
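Review bot: The `if (req.auth) { return next(); }` added before the `shareStore.getAuthInfo()` lookup makes the stored-token comparison reachable only when expressjwt did not populate `req.auth`, so the comment "For system admin, also check against stored token" no longer describes what runs: any JWT that expressjwt accepts passes without ever being compared to `authInfo.token` / `tokens[platform]`. If the system admin's token is itself a JWT that expressjwt verifies (cannot be confirmed from this hunk), then rotating or clearing the stored token no longer invalidates it until the JWT's own expiry, which changes the revocation model this check previously provided. If admin and regular-user JWTs carry a distinguishing claim, the short-circuit should exclude admin tokens and keep the stored-token comparison mandatory for them; which claim that is is not visible here. At minimum the comment should be made honest, e.g. `// Any JWT expressjwt accepted bypasses the stored-token check below; admin revocation via authInfo only works if the admin token is NOT verifiable here — confirm`. The enclosing middleware function starts before and ends after this hunk.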


@ -4,6 +4,8 @@ import { Container } from 'typedi';
import SockService from '../services/sock'; import SockService from '../services/sock';
import { getPlatform } from '../config/util'; import { getPlatform } from '../config/util';
import { shareStore } from '../shared/store'; import { shareStore } from '../shared/store';
import jwt from 'jsonwebtoken';
import config from '../config';
export default async ({ server }: { server: Server }) => { export default async ({ server }: { server: Server }) => {
const echo = sockJs.createServer({ prefix: '/api/ws', log: () => {} }); const echo = sockJs.createServer({ prefix: '/api/ws', log: () => {} });
@ -14,12 +16,33 @@ export default async ({ server }: { server: Server }) => {
conn.close('404'); conn.close('404');
} }
const authInfo = await shareStore.getAuthInfo();
const platform = getPlatform(conn.headers['user-agent'] || '') || 'desktop'; const platform = getPlatform(conn.headers['user-agent'] || '') || 'desktop';
const headerToken = conn.url.replace(`${conn.pathname}?token=`, ''); const headerToken = conn.url.replace(`${conn.pathname}?token=`, '');
let isAuthenticated = false;
// First try to verify JWT token (for regular users)
if (headerToken) {
try {
jwt.verify(headerToken, config.jwt.secret, { algorithms: ['HS384'] });
isAuthenticated = true;
} catch (error) {
// JWT verification failed, will try authInfo check next
}
}
// Also check against stored token for system admin
if (!isAuthenticated) {
const authInfo = await shareStore.getAuthInfo();
if (authInfo) { if (authInfo) {
const { token = '', tokens = {} } = authInfo; const { token = '', tokens = {} } = authInfo;
if (headerToken === token || tokens[platform] === headerToken) { if (headerToken === token || tokens[platform] === headerToken) {
isAuthenticated = true;
}
}
}
if (isAuthenticated) {
sockService.addClient(conn); sockService.addClient(conn);
conn.on('data', (message) => { conn.on('data', (message) => {
@ -32,7 +55,6 @@ export default async ({ server }: { server: Server }) => {
return; return;
} }
}
conn.close('404'); conn.close('404');
}); });
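Review bot: In the `/api/ws` handler the new `jwt.verify(headerToken, config.jwt.secret, { algorithms: ['HS384'] })` branch sets `isAuthenticated = true` before the stored-token comparison, so the `authInfo` check is now only a fallback; if the admin's token is also an HS384 JWT under the same secret (not visible here), clearing or rotating `authInfo.token` / `tokens[platform]` no longer drops that websocket client until the JWT expires, whereas before this commit the stored token was the only gate. If the tokens carry a claim that marks admin vs. regular user, the decoded payload returned by `jwt.verify` should be used to route admin tokens to the stored-token comparison instead of accepting them outright; the claim name cannot be determined from this hunk. The empty `catch (error) {}` also discards whether verification failed on signature, algorithm or expiry, which is the information a detection pipeline wants for an auth-failure signal — a comment such as `// TODO: log the jwt error at debug level (expired vs. bad signature) before falling back` would flag it. The same verify-then-fall-back-to-authInfo sequence is duplicated in the HTTP auth middleware in this commit; factoring it into one shared helper in the store or auth module would keep the two paths from drifting. The sockJs connection callback begins and ends outside the hunk.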