feat: enhance send file download token with JTI for improved validation

shuaiplus
2026-03-05 01:31:02 +08:00
parent 12024203be
commit 9db92d13ab
2 changed files with 19 additions and 1 deletions
+11
@@ -181,6 +181,7 @@ export async function verifyFileDownloadToken(
export interface SendFileDownloadClaims {
sendId: string;
fileId: string;
jti: string;
exp: number;
}
@@ -194,6 +195,7 @@ export async function createSendFileDownloadToken(
const payload: SendFileDownloadClaims = {
sendId,
fileId,
jti: createRefreshToken(),
exp: now + LIMITS.auth.fileDownloadTokenTtlSeconds,
};
@@ -240,6 +242,15 @@ export async function verifySendFileDownloadToken(
if (!valid) return null;
const payload: SendFileDownloadClaims = JSON.parse(new TextDecoder().decode(base64UrlDecode(payloadB64)));
if (
typeof payload.sendId !== 'string' ||
typeof payload.fileId !== 'string' ||
typeof payload.jti !== 'string' ||
!payload.jti ||
typeof payload.exp !== 'number'
) {
return null;
}
const now = Math.floor(Date.now() / 1000);
if (payload.exp < now) return null;
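Review bot: The new `jti` check in verifySendFileDownloadToken only confirms the claim is a non-empty string, so on the lines shown a correctly signed token still verifies any number of times until `exp`; whether a download token is single-use depends on the caller recording the `jti`, which is presumably done in the other changed file and is not visible here. I would state that contract next to the check, e.g. `// jti is shape-checked only; the caller must mark it consumed to reject replays`. In createSendFileDownloadToken the identifier comes from `createRefreshToken()`, which ties the JTI's format and entropy to the refresh-token helper; a dedicated or neutrally named helper would make it clear that the value must stay random and unique if the refresh-token format ever changes. Both function bodies start and continue outside the hunks.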