fix: 令牌驗證額外添加是否為有效令牌

* 如果解密無效, 直接返回一個無效的令牌, 並加以判斷
2025-09-25 12:12:12 +08:00
parent 9cc3a2149e
commit 4fa3e16ab7
4 changed files with 16 additions and 8 deletions
--- a/server/api/TokenManager.ts
+++ b/server/api/TokenManager.ts
@@ -23,9 +23,13 @@ export default class TokenManager {
    }
    static decode(token: string) {
        if (token == null) throw new Error('令牌為空!')
-        return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key), '01234567890123456').update(
-            Buffer.from(token, 'hex')
-        ).toString()) as Token
+        try {
+            return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key), '01234567890123456').update(
+                Buffer.from(token, 'hex')
+            ).toString()) as Token
+        } catch(e) {
+            return {} as Token
+        }
    }

    static make(user: User, time_: number | null | undefined, device_id: string) {