修改goolge oauth idtoken验证规则

2022-11-09 14:48:32 +08:00 · 2022-11-09 14:48:32 +08:00 · 1124ddb4fd
commit 1124ddb4fd
parent 9eb50a3afd
4 changed files with 11 additions and 8 deletions
--- a/.env.development
+++ b/.env.development
@ -1,8 +1,9 @@
 API_PORT=3007
-API_HOST=10.0.1.3
+API_HOST=0.0.0.0
 API_TOKEN_SECRET=sdf(**&*&xx2213
 API_TOKEN_EXPIRESIN=1d


-GOOGLE_OAUTH_CLIENT="165555585193-glmtnb94s3kkq906hal72ppiuoqpjjc5.apps.googleusercontent.com"
+GOOGLE_OAUTH_CLIENT="53206975661-asnf3qe4bg29p8h981pgf099osvrjbme.apps.googleusercontent.com"
+GOOGLE_OAUTH_CLIENT2="53206975661-ih3r0ubph3rqejdq97b029difbrk2bqj.apps.googleusercontent.com"
 DB_MAIN=mongodb://localhost/wallet-development
--- a/.env.production
+++ b/.env.production
@ -1,7 +1,8 @@
 API_PORT=3086
-API_HOST=198.168.100.22
+API_HOST=0.0.0.0
 API_TOKEN_SECRET=sdf(**&*&xx2214
 API_TOKEN_EXPIRESIN=1d

-GOOGLE_OAUTH_CLIENT="165555585193-glmtnb94s3kkq906hal72ppiuoqpjjc5.apps.googleusercontent.com"
+GOOGLE_OAUTH_CLIENT="53206975661-asnf3qe4bg29p8h981pgf099osvrjbme.apps.googleusercontent.com"
+GOOGLE_OAUTH_CLIENT2="53206975661-ih3r0ubph3rqejdq97b029difbrk2bqj.apps.googleusercontent.com"
 DB_MAIN=mongodb://127.0.0.1/wallet-production
--- a/boundle.sh
+++ b/boundle.sh
@ -1,8 +1,8 @@
 #!/bin/bash

-source /etc/profile
+# source /etc/profile
 # npm install --prefer-offline --loglevel info --unsafe-perm=true --allow-root >> boundle.log
-npm run build
+# npm run build
 mkdir tmp
 mv dist tmp/dist
 mv node_modules tmp/node_modules
--- a/src/controllers/main.controllers.ts
+++ b/src/controllers/main.controllers.ts
@ -23,10 +23,11 @@ class MainController extends BaseController {
  async checkGoogleJwt(req, res) {
    const { token } = req.params
    const CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT
+    const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
    const client = new OAuth2Client(CLIENT_ID)
    const ticket = await client.verifyIdToken({
      idToken: token,
-      audience: CLIENT_ID, // Specify the CLIENT_ID of the app that accesses the backend
+      audience: [CLIENT_ID, CLIENT_ID2], // Specify the CLIENT_ID of the app that accesses the backend
      // Or, if multiple clients access the backend:
      //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
    })
@ -34,7 +35,7 @@ class MainController extends BaseController {
    if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
      throw new ZError(10, 'id token error')
    }
-    if (payload.aud !== CLIENT_ID) {
+    if (payload.aud !== CLIENT_ID && payload.aud !== CLIENT_ID2) {
      throw new ZError(11, 'client id mismatch')
    }
    const openId = payload.sub