Pr branch (#25)

* fix: update the jwt-token version to prevent attackers from bypassing intended access restrictions in situations with []string{} for m["aud"]

* del accountAddr
Away
2021-10-22 21:20:31 +08:00
committed by GitHub
parent 0e6432f95a
commit d6ba0a803d
4 changed files with 8 additions and 7 deletions
+4 -5
@@ -4,9 +4,8 @@ import (
"Open_IM/src/common/config"
"Open_IM/src/common/db"
"errors"
"github.com/golang-jwt/jwt/v4"
"time"
"github.com/dgrijalva/jwt-go"
)
var (
@@ -23,7 +22,7 @@ type Claims struct {
jwt.StandardClaims
}
func BuildClaims(uid, accountAddr, platform string, ttl int64) Claims {
func BuildClaims(uid, platform string, ttl int64) Claims {
now := time.Now().Unix()
//if ttl=-1 Permanent token
expiresAt := int64(-1)
@@ -41,8 +40,8 @@ func BuildClaims(uid, accountAddr, platform string, ttl int64) Claims {
}}
}
func CreateToken(userID, accountAddr string, platform int32) (string, int64, error) {
claims := BuildClaims(userID, accountAddr, PlatformIDToName(platform), config.Config.TokenPolicy.AccessExpire)
func CreateToken(userID string, platform int32) (string, int64, error) {
claims := BuildClaims(userID, PlatformIDToName(platform), config.Config.TokenPolicy.AccessExpire)
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString([]byte(config.Config.TokenPolicy.AccessSecret))