修改goolge oauth idtoken验证规则

cebgcontract 2022-11-09 14:48:32 +08:00
parent 9eb50a3afd
commit 1124ddb4fd
4 changed files with 11 additions and 8 deletions


@ -1,8 +1,9 @@
API_PORT=3007 API_PORT=3007
API_HOST=10.0.1.3 API_HOST=0.0.0.0
API_TOKEN_SECRET=sdf(**&*&xx2213 API_TOKEN_SECRET=sdf(**&*&xx2213
API_TOKEN_EXPIRESIN=1d API_TOKEN_EXPIRESIN=1d
GOOGLE_OAUTH_CLIENT="165555585193-glmtnb94s3kkq906hal72ppiuoqpjjc5.apps.googleusercontent.com" GOOGLE_OAUTH_CLIENT="53206975661-asnf3qe4bg29p8h981pgf099osvrjbme.apps.googleusercontent.com"
GOOGLE_OAUTH_CLIENT2="53206975661-ih3r0ubph3rqejdq97b029difbrk2bqj.apps.googleusercontent.com"
DB_MAIN=mongodb://localhost/wallet-development DB_MAIN=mongodb://localhost/wallet-development
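Review bot: `API_TOKEN_SECRET` is committed in plain text in this environment file, and the production file later in this commit carries a value that differs from it only in the last character. If this is the key used to sign API tokens, as the name suggests, anyone with read access to the repository or its history holds the signing material for both environments. Keep the value out of version control and inject it at deploy time, for example by committing only a template line such as `API_TOKEN_SECRET=` and having the service refuse to start when it is empty. The values already pushed should be treated as exposed and rotated, with production given an independently generated random secret.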


@ -1,7 +1,8 @@
API_PORT=3086 API_PORT=3086
API_HOST=198.168.100.22 API_HOST=0.0.0.0
API_TOKEN_SECRET=sdf(**&*&xx2214 API_TOKEN_SECRET=sdf(**&*&xx2214
API_TOKEN_EXPIRESIN=1d API_TOKEN_EXPIRESIN=1d
GOOGLE_OAUTH_CLIENT="165555585193-glmtnb94s3kkq906hal72ppiuoqpjjc5.apps.googleusercontent.com" GOOGLE_OAUTH_CLIENT="53206975661-asnf3qe4bg29p8h981pgf099osvrjbme.apps.googleusercontent.com"
GOOGLE_OAUTH_CLIENT2="53206975661-ih3r0ubph3rqejdq97b029difbrk2bqj.apps.googleusercontent.com"
DB_MAIN=mongodb://127.0.0.1/wallet-production DB_MAIN=mongodb://127.0.0.1/wallet-production
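Review bot: `API_HOST=0.0.0.0` widens the production listener from one pinned address to every interface on the host, assuming this variable is the bind address; the development file makes the same change. Nothing in the commit shows what limits access to port 3086, so whether the API becomes reachable from untrusted networks depends on firewall or proxy rules that are not visible here. Either bind to the specific internal address the reverse proxy uses, or record the control that makes the wildcard safe next to the setting, e.g. `# listens on all interfaces; inbound 3086 is restricted by <firewall/proxy rule>`.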


@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
source /etc/profile # source /etc/profile
# npm install --prefer-offline --loglevel info --unsafe-perm=true --allow-root >> boundle.log # npm install --prefer-offline --loglevel info --unsafe-perm=true --allow-root >> boundle.log
npm run build # npm run build
mkdir tmp mkdir tmp
mv dist tmp/dist mv dist tmp/dist
mv node_modules tmp/node_modules mv node_modules tmp/node_modules
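Review bot: With `npm run build` commented out, `mv dist tmp/dist` now packages whatever `dist` happens to be in the working directory, or fails if there is none, and the script has no error handling to stop it from continuing. A stale or missing build can therefore end up in the deployed bundle without anyone noticing. Add `set -euo pipefail` after the shebang and a guard such as `[ -d dist ] || { echo "dist missing: run the build first" >&2; exit 1; }` before the move, plus a comment saying where the build is now expected to run. The script may continue past the lines shown in this hunk.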


@ -23,10 +23,11 @@ class MainController extends BaseController {
async checkGoogleJwt(req, res) { async checkGoogleJwt(req, res) {
const { token } = req.params const { token } = req.params
const CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT const CLIENT_ID = process.env.GOOGLE_OAUTH_CLIENT
const CLIENT_ID2 = process.env.GOOGLE_OAUTH_CLIENT2
const client = new OAuth2Client(CLIENT_ID) const client = new OAuth2Client(CLIENT_ID)
const ticket = await client.verifyIdToken({ const ticket = await client.verifyIdToken({
idToken: token, idToken: token,
audience: CLIENT_ID, // Specify the CLIENT_ID of the app that accesses the backend audience: [CLIENT_ID, CLIENT_ID2], // Specify the CLIENT_ID of the app that accesses the backend
// Or, if multiple clients access the backend: // Or, if multiple clients access the backend:
//[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3] //[CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]
}) })
@ -34,7 +35,7 @@ class MainController extends BaseController {
if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) { if (!(payload.iss === GOOGLE_OAUTH_ISS || payload.iss === GOOGLE_OAUTH_ISS1)) {
throw new ZError(10, 'id token error') throw new ZError(10, 'id token error')
} }
if (payload.aud !== CLIENT_ID) { if (payload.aud !== CLIENT_ID && payload.aud !== CLIENT_ID2) {
throw new ZError(11, 'client id mismatch') throw new ZError(11, 'client id mismatch')
} }
const openId = payload.sub const openId = payload.sub
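Review bot: `CLIENT_ID2` is read from the environment without checking that it is set, so a deployment missing `GOOGLE_OAUTH_CLIENT2` passes `[CLIENT_ID, undefined]` as the audience list, and the manual check `payload.aud !== CLIENT_ID && payload.aud !== CLIENT_ID2` then treats an absent `aud` as a match. Google-issued ID tokens should always carry `aud`, so this is probably not reachable today, but the check should fail closed rather than rely on that. Build the allow-list once and use it in both places: `const audiences = [CLIENT_ID, CLIENT_ID2].filter(Boolean)`, throw if it is empty, pass `audience: audiences` to `verifyIdToken`, and replace the comparison with `if (!audiences.includes(payload.aud))`. The trailing comment "Or, if multiple clients access the backend" is now stale and can be dropped. The body of `checkGoogleJwt` continues outside these hunks.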