pengjunjie/server
1
0
Fork 1
mirror of https://github.com/ONLYOFFICE/server.git synced 2026-02-10 18:05:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bug] Fix crash in getJwtHsKey; Uses validation approach from jsonwebtoken library

Browse Source
This commit is contained in:
Sergey Konovalov
2025-11-09 11:08:29 +03:00
parent 1d8d90ffd7
commit 22ab7500bd
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Common/sources/utils.js
View File

@ -1108,13 +1108,18 @@ const jwtKeyCache = Object.create(null);
/** /**
* Gets or creates a cached symmetric key for JWT verification (HS256/HS384/HS512). * Gets or creates a cached symmetric key for JWT verification (HS256/HS384/HS512).
* Caches crypto.KeyObject to avoid expensive key creation on every request. * Caches crypto.KeyObject to avoid expensive key creation on every request.
* @param {string} secret - JWT symmetric secret * Uses the same validation approach as jsonwebtoken library.
* @returns {crypto.KeyObject} Cached secret key object * @param {string|Buffer} secret - JWT symmetric secret
* @returns {crypto.KeyObject|undefined} Cached secret key object, or undefined when secret is missing/invalid
*/ */
function getJwtHsKey(secret) { function getJwtHsKey(secret) {
let res = jwtKeyCache[secret]; let res = jwtKeyCache[secret];
if (!res) { if (!res && secret != null) {
res = jwtKeyCache[secret] = crypto.createSecretKey(Buffer.from(secret, 'utf8')); try {
res = jwtKeyCache[secret] = crypto.createSecretKey(typeof secret === 'string' ? Buffer.from(secret, 'utf8') : secret);
} catch {
return undefined;
}
} }
return res; return res;
} }