@lobehub/chat 1.105.0 → 1.105.2

package/src/utils/server/jwt.test.ts

@@ -1,62 +0,0 @@
-import { describe, expect, it, vi } from 'vitest';
-
-import { NON_HTTP_PREFIX } from '@/const/auth';
-
-import { getJWTPayload } from './jwt';
-
-let enableClerkMock = false;
-let enableNextAuthMock = false;
-
-vi.mock('@/const/auth', async (importOriginal) => {
-  const data = await importOriginal();
-
-  return {
-    ...(data as any),
-    get enableClerk() {
-      return enableClerkMock;
-    },
-    get enableNextAuth() {
-      return enableNextAuthMock;
-    },
-  };
-});
-
-vi.mock('@/envs/app', () => ({
-  getAppConfig: vi.fn(),
-}));
-
-describe('getJWTPayload', () => {
-  it('should parse JWT payload for non-HTTPS token', async () => {
-    const token = `${NON_HTTP_PREFIX}.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ`;
-    const payload = await getJWTPayload(token);
-    expect(payload).toEqual({
-      sub: '1234567890',
-      name: 'John Doe',
-      iat: 1516239022,
-    });
-  });
-
-  it('should verify and parse JWT payload for HTTPS token', async () => {
-    const token =
-      'eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NDb2RlIjoiIiwidXNlcklkIjoiMDAxMzYyYzMtNDhjNS00NjM1LWJkM2ItODM3YmZmZjU4ZmMwIiwiYXBpS2V5IjoiYWJjIiwiZW5kcG9pbnQiOiJhYmMiLCJpYXQiOjE3MTY4MDIyMjUsImV4cCI6MTAwMDAwMDAwMDE3MTY4MDIwMDB9.FF0FxsE8Cajs-_hv5GD0TNUDwvekAkI9l_LL_IOPdGQ';
-    const payload = await getJWTPayload(token);
-    expect(payload).toEqual({
-      accessCode: '',
-      apiKey: 'abc',
-      endpoint: 'abc',
-      exp: 10000000001716802000,
-      iat: 1716802225,
-      userId: '001362c3-48c5-4635-bd3b-837bfff58fc0',
-    });
-  });
-
-  it('should not verify success and parse JWT payload for dated token', async () => {
-    const token =
-      'eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NDb2RlIjoiIiwidXNlcklkIjoiYWY3M2JhODktZjFhMy00YjliLWEwM2QtZGViZmZlMzE4NmQxIiwiYXBpS2V5IjoiYWJjIiwiZW5kcG9pbnQiOiJhYmMiLCJpYXQiOjE3MTY3OTk5ODAsImV4cCI6MTcxNjgwMDA4MH0.8AGFsLcwyrQG82kVUYOGFXHIwihm2n16ctyArKW9100';
-    try {
-      await getJWTPayload(token);
-    } catch (e) {
-      expect((e as Error).message).toEqual('"exp" claim timestamp check failed');
-    }
-  });
-});

package/src/utils/server/jwt.ts

@@ -1,28 +0,0 @@
-import { importJWK, jwtVerify } from 'jose';
-
-import { JWTPayload, JWT_SECRET_KEY, NON_HTTP_PREFIX } from '@/const/auth';
-
-export const getJWTPayload = async (token: string): Promise<JWTPayload> => {
-  //如果是 HTTP 协议发起的请求，直接解析 token
-  // 这是一个非常 hack 的解决方案，未来要找更好的解决方案来处理这个问题
-  // refs: https://github.com/lobehub/lobe-chat/pull/1238
-  if (token.startsWith(NON_HTTP_PREFIX)) {
-    const jwtParts = token.split('.');
-
-    const payload = jwtParts[1];
-
-    return JSON.parse(atob(payload));
-  }
-
-  const encoder = new TextEncoder();
-  const secretKey = await crypto.subtle.digest('SHA-256', encoder.encode(JWT_SECRET_KEY));
-
-  const jwkSecretKey = await importJWK(
-    { k: Buffer.from(secretKey).toString('base64'), kty: 'oct' },
-    'HS256',
-  );
-
-  const { payload } = await jwtVerify(token, jwkSecretKey);
-
-  return payload as JWTPayload;
-};