This commit is contained in:
yangjianbo
2025-12-30 14:15:52 +08:00
7 changed files with 167 additions and 26 deletions


@@ -61,6 +61,13 @@ func jwtAuth(authService *service.AuthService, userService *service.UserService)
return
}
// Security: Validate TokenVersion to ensure token hasn't been invalidated
// This check ensures tokens issued before a password change are rejected
if claims.TokenVersion != user.TokenVersion {
AbortWithError(c, 401, "TOKEN_REVOKED", "Token has been revoked (password changed)")
return
}
c.Set(string(ContextKeyUser), AuthSubject{
UserID: user.ID,
Concurrency: user.Concurrency,