Validate a dashboard JWT or scoped plugin page asset token. Args: token: JWT value from the Authorization header, cookie, or query string. path: Current request path used for plugin page asset token scope checks. Returns: A tuple of the decoded payload and an error message. The payload is present only when the token is valid for the current request path.
(
self,
token: str,
path: str,
)
| 315 | return r |
| 316 | |
def _validate_dashboard_token(
    self,
    token: str,
    path: str,
) -> tuple[dict[str, Any] | None, str]:
    """Check a dashboard JWT, or a plugin page asset token, for this request.

    The token signature is verified against ``self._jwt_secret`` and only
    HS256 is accepted. A token that ``PluginPageAuth`` classifies as an asset
    token must additionally pass the scope check for ``path``; any other
    token skips that check. In both cases the payload must carry a non-blank
    string ``username``.

    Args:
        token: JWT value from the Authorization header, cookie, or query string.
        path: Current request path used for plugin page asset token scope checks.

    Returns:
        ``(payload, "")`` when the token is accepted, otherwise
        ``(None, message)``. The message is "Token 过期" (token expired) for
        an expired signature and "Token 无效" (token invalid) for every other
        rejection, so callers cannot tell which check failed.
    """
    rejected = (None, "Token 无效")

    # The algorithm list is pinned, so the token header cannot select a
    # different (or no) signature algorithm.
    # NOTE(review): assuming `jwt` is PyJWT, `exp` is only enforced when the
    # claim is present; confirm every issuer sets it, or require it via
    # options={"require": ["exp"]}.
    try:
        claims = jwt.decode(token, self._jwt_secret, algorithms=["HS256"])
    except jwt.ExpiredSignatureError:
        return None, "Token 过期"
    except jwt.InvalidTokenError:
        return rejected

    # Only tokens recognised as asset tokens are bound to a path; the scope
    # guarantee therefore rests on is_asset_token() identifying all of them.
    if PluginPageAuth.is_asset_token(claims):
        if not PluginPageAuth.is_scope_valid(claims, path):
            return rejected

    # A validly signed token without a usable identity is still refused.
    subject = claims.get("username")
    if isinstance(subject, str) and subject.strip():
        return claims, ""
    return rejected
| 350 | |
| 351 | async def _apply_auth_rate_limit( |
| 352 | self, |
no test coverage detected