CrescentLeaf/LingChair
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: 令牌驗證額外添加是否為有效令牌

Browse Source 
* 如果解密無效, 直接返回一個無效的令牌, 並加以判斷
This commit is contained in:
CrescentLeaf
2025-09-25 12:12:12 +08:00
parent 9cc3a2149e
commit 4fa3e16ab7
4 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/api/FileTokenManager.ts
View File

@@ -22,9 +22,13 @@ export default class FileTokenManager {
}
static decode(token: string) {
if (token == null) throw new Error('令牌為空!')
return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update(
Buffer.from(token, 'hex')
).toString()) as Token
try {
return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update(
Buffer.from(token, 'hex')
).toString()) as Token
} catch(e) {
throw new Error('令牌無效!')
}
}
/**