scottpan/huangjingfen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): fail closed on token and validation checks

Browse Source 
Made-with: Cursor
This commit is contained in:
apple
2026-04-29 17:32:08 +08:00
parent d6b9d1d0e3
commit 7e9c5105bb
5 changed files with 31 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pro_v3.5.1/app/services/auth/AccessTokenService.php
View File

@@ -32,10 +32,11 @@ class AccessTokenService
*
* @param callable $resolver 根据 token 内的 id 读取账号模型或数组
* @param callable $authHashResolver 根据账号返回当前有效的 auth hash
* @param callable|null $accountValidator 根据账号判断当前 token 是否仍可用
* @return mixed
* @throws \Psr\SimpleCache\InvalidArgumentException
*/
public function parseToken(string $token, string $type, callable $resolver, callable $authHashResolver)
public function parseToken(string $token, string $type, callable $resolver, callable $authHashResolver, callable $accountValidator = null)
{
if (!$token || $token === 'undefined') {
throw new AuthException(ApiErrorCode::ERR_LOGIN);
@@ -78,6 +79,11 @@ class AccessTokenService
throw new AuthException(ApiErrorCode::ERR_LOGIN);
}
if ($accountValidator && !$accountValidator($account)) {
$this->clearToken($md5Token, $type);
throw new AuthException(ApiErrorCode::ERR_LOGIN_INVALID);
}
if ($auth !== $authHashResolver($account)) {
throw new AuthException(ApiErrorCode::ERR_LOGIN_INVALID);
}