feat: 更新token验证逻辑，支持jwks类型token并增强用户验证

2026-02-28 04:25:37 +08:00
parent 999a75c76b
commit 1ae4c979dc
1 changed files with 19 additions and 2 deletions
--- a/src/auth/models/user-secret.ts
+++ b/src/auth/models/user-secret.ts
@@ -53,10 +53,27 @@ export class UserSecret {
   * @returns
   */
  static async verifyToken(token: string) {
-    if (token?.includes?.('.')) {
+    if (oauth.getTokenType(token) === 'jwks') {
      // 先尝试作为jwt token验证，如果验证成功则直接返回用户信息
      console.log('[jwksManager] 验证token');
-      return await jwksManager.verify(token);
+      const verified = await jwksManager.verify(token);
+      if (verified) {
+        const sub = verified.sub;
+        const userId = sub.split(':')[1];
+        const user = await User.findByPk(userId);
+        if (!user) {
+          console.warn(`[jwksManager] 验证token成功，但用户不存在，userId: ${userId}`);
+          return null;
+        }
+        const oauthUser = oauth.getOauthUser({
+          id: user.id,
+          username: user.username,
+          type: user.type,
+        });
+        return oauthUser;
+      } else {
+        return null;
+      }
    }
    if (!oauth.isSecretKey(token)) {
      return await oauth.verifyToken(token);