refactor(center): introspect relies on api key auth instead of shared secret

nav
2026-05-13 08:36:06 +00:00
parent cfa5ccdfaf
commit 1c07f43032
2 changed files with 3 additions and 12 deletions


@@ -37,10 +37,7 @@ export class AuthController {
} }
@Post('introspect') @Post('introspect')
introspect( introspect(@Body() body: { token?: string; guildNodeId?: string }) {
@Body() body: { token?: string; guildNodeId?: string }, return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '');
@Headers('x-center-shared-secret') sharedSecret?: string,
) {
return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '', sharedSecret);
} }
} }
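Review bot: The `introspect` handler now carries no visible authentication of its own, so caller authentication depends entirely on an API-key guard that this hunk does not show (AuthController's class-level decorators and any global guard sit outside it). If the guard is applied at class or global level, say so on the handler with a comment such as `// Auth: requires API key guard (applied at class/global level — confirm); an unauthenticated caller could use this as a token-validity oracle`, or bind it explicitly with `@UseGuards(<API_KEY_GUARD_PLACEHOLDER>)` above `@Post('introspect')`. `guildNodeId` is still read from the request body; presumably it should be compared with the node identity the API key resolves to rather than trusted as supplied, which is worth confirming in `introspectGuildToken`. A test asserting that a request without a valid key is rejected would pin the protection the removed shared-secret check used to give.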


@@ -1,7 +1,6 @@
import { import {
ConflictException, ConflictException,
Injectable, Injectable,
ForbiddenException,
UnauthorizedException, UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm'; import { InjectRepository } from '@nestjs/typeorm';
@@ -175,12 +174,7 @@ export class AuthService {
} }
} }
async introspectGuildToken(token: string, guildNodeId: string, sharedSecret?: string) { async introspectGuildToken(token: string, guildNodeId: string) {
const expectedSecret = process.env.CENTER_SHARED_SECRET as string;
if (!sharedSecret || sharedSecret !== expectedSecret) {
throw new ForbiddenException('invalid shared secret');
}
let payload: jwt.JwtPayload; let payload: jwt.JwtPayload;
try { try {
payload = jwt.verify(token, process.env.JWT_ACCESS_SECRET as string) as jwt.JwtPayload; payload = jwt.verify(token, process.env.JWT_ACCESS_SECRET as string) as jwt.JwtPayload;