hub / github.com/AstrBotDevs/AstrBot / _validate_dashboard_token

Method _validate_dashboard_token

astrbot/dashboard/server.py:317–349  ·  view source on GitHub ↗

Validate a dashboard JWT or scoped plugin page asset token. Args: token: JWT value from the Authorization header, cookie, or query string. path: Current request path used for plugin page asset token scope checks. Returns: A tuple of the decoded payload and an error message. The payload is present only when the token is valid for the current request path.

(
        self,
        token: str,
        path: str,
    )

Source from the content-addressed store, hash-verified

315 return r
316
def _validate_dashboard_token(
    self,
    token: str,
    path: str,
) -> tuple[dict[str, Any] | None, str]:
    """Check a dashboard JWT or a scoped plugin page asset token.

    The token is verified against ``self._jwt_secret`` with the accepted
    algorithm list fixed to HS256. Three checks follow in order: signature
    and expiry (inside ``jwt.decode``), path scope for asset tokens, and a
    non-blank string ``username`` claim.

    Args:
        token: JWT value from the Authorization header, cookie, or query string.
        path: Current request path; only consulted when the decoded payload
            is an asset token.

    Returns:
        ``(payload, "")`` when every check passes, otherwise
        ``(None, message)``. Expiry has its own message; every other
        failure returns the same generic one, so the caller cannot tell
        which check rejected the token.
    """
    # NOTE(review): the docstring allows query-string tokens. URL-borne
    # tokens tend to reach access logs and Referer headers; confirm at the
    # caller that only scoped asset tokens are accepted that way.
    rejected: tuple[None, str] = (None, "Token 无效")

    try:
        # The explicit allow-list keeps the token header from choosing the
        # verification algorithm.
        # NOTE(review): assuming `jwt` is PyJWT, `exp` is checked only when
        # the claim is present; it is not required unless
        # options={"require": ["exp"]} is passed. Confirm that every issuer
        # sets it.
        claims = jwt.decode(token, self._jwt_secret, algorithms=["HS256"])
    except jwt.ExpiredSignatureError:
        # Must precede InvalidTokenError, its base class, to keep the
        # dedicated expiry message.
        return None, "Token 过期"
    except jwt.InvalidTokenError:
        return rejected

    # Asset tokens are bound to a path scope; other dashboard tokens are not
    # path-checked here.
    if PluginPageAuth.is_asset_token(claims):
        if not PluginPageAuth.is_scope_valid(claims, path):
            return rejected

    # A validly signed token is still refused without a usable identity.
    account = claims.get("username")
    if isinstance(account, str) and account.strip():
        return claims, ""
    return rejected
350
351 async def _apply_auth_rate_limit(
352 self,

Callers 1

auth_middlewareMethod · 0.95

Calls 4

decodeMethod · 0.80
is_asset_tokenMethod · 0.80
is_scope_validMethod · 0.80
getMethod · 0.45

Tested by

no test coverage detected