From 1ae4c979dc0f4994a06691cc5a88b4c5a68e5e85 Mon Sep 17 00:00:00 2001
From: abearxiong <xiongxiao@xiongxiao.me>
Date: Sat, 28 Feb 2026 04:25:37 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0token=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E9=80=BB=E8=BE=91=EF=BC=8C=E6=94=AF=E6=8C=81jwks?=
 =?UTF-8?q?=E7=B1=BB=E5=9E=8Btoken=E5=B9=B6=E5=A2=9E=E5=BC=BA=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/auth/models/user-secret.ts | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/auth/models/user-secret.ts b/src/auth/models/user-secret.ts
index 16035cd..e2fcd24 100644
--- a/src/auth/models/user-secret.ts
+++ b/src/auth/models/user-secret.ts
@@ -53,10 +53,27 @@ export class UserSecret {
    * @returns
    */
   static async verifyToken(token: string) {
-    if (token?.includes?.('.')) {
+    if (oauth.getTokenType(token) === 'jwks') {
       // 先尝试作为jwt token验证，如果验证成功则直接返回用户信息
       console.log('[jwksManager] 验证token');
-      return await jwksManager.verify(token);
+      const verified = await jwksManager.verify(token);
+      if (verified) {
+        const sub = verified.sub;
+        const userId = sub.split(':')[1];
+        const user = await User.findByPk(userId);
+        if (!user) {
+          console.warn(`[jwksManager] 验证token成功，但用户不存在，userId: ${userId}`);
+          return null;
+        }
+        const oauthUser = oauth.getOauthUser({
+          id: user.id,
+          username: user.username,
+          type: user.type,
+        });
+        return oauthUser;
+      } else {
+        return null;
+      }
     }
     if (!oauth.isSecretKey(token)) {
       return await oauth.verifyToken(token);