cdrop — 跨 OS 剪贴板与文件传输服务
Commilitia Drop:自托管的跨设备剪贴板同步与点对点文件传输。 - 后端 Go(chi / SQLite WAL / SSE Hub / WebRTC signaling + 状态机 / Relay ring buffer),编译进单个 distroless 镜像(前端 go:embed)。 - 前端 React + TanStack Router + Zustand,自实现 SSE + WebRTC P2P,NAT 受阻时回退服务端中继;聚珍(Juzhen)CJK 综合排版。 - 桌面端 Wails v2(macOS / Windows),瘦客户端复用 web。 - 鉴权 OIDC PKCE(自建 Casdoor 等),refresh_token 信封加密存系统密钥库;iOS Shortcut 用 HS256 scoped token。 架构文档与变更记录见 docs 分支(PROJECT_BRIEF / FRONTEND_DESIGN / CHANGELOG)。 本次为公开发布初始提交:完整开发历史(含部署细节)留存于私有归档,公开仓库自此干净起步。
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
package jwtauth
|
||||
|
||||
import "context"
|
||||
|
||||
type Claims struct {
|
||||
UserID string
|
||||
Groups []string
|
||||
// JTI and Scopes are populated only for HS256 shortcut tokens; a full OIDC /
|
||||
// dev session leaves them empty. A non-empty JTI marks a *scoped* token —
|
||||
// one allowed to reach only the endpoints its Scopes grant (the route layer
|
||||
// enforces this). This keeps a leaked shortcut token's blast radius minimal.
|
||||
JTI string
|
||||
Scopes []string
|
||||
}
|
||||
|
||||
// Scoped reports whether these claims came from a scoped shortcut token rather
|
||||
// than a full login session.
|
||||
func (c *Claims) Scoped() bool { return c.JTI != "" }
|
||||
|
||||
// HasScope reports whether the claims grant the named scope.
|
||||
func (c *Claims) HasScope(scope string) bool {
|
||||
for _, s := range c.Scopes {
|
||||
if s == scope {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
type ctxKey int
|
||||
|
||||
const (
|
||||
claimsCtxKey ctxKey = iota
|
||||
deviceCtxKey
|
||||
deviceTypeCtxKey
|
||||
)
|
||||
|
||||
func ClaimsFromContext(ctx context.Context) (*Claims, bool) {
|
||||
c, ok := ctx.Value(claimsCtxKey).(*Claims)
|
||||
return c, ok
|
||||
}
|
||||
|
||||
func DeviceNameFromContext(ctx context.Context) (string, bool) {
|
||||
n, ok := ctx.Value(deviceCtxKey).(string)
|
||||
return n, ok
|
||||
}
|
||||
|
||||
// DeviceTypeFromContext returns the client-declared device type set by the auth
|
||||
// middleware (browser / macos / windows / linux), defaulting to "browser".
|
||||
func DeviceTypeFromContext(ctx context.Context) string {
|
||||
t, ok := ctx.Value(deviceTypeCtxKey).(string)
|
||||
if !ok || t == "" {
|
||||
return "browser"
|
||||
}
|
||||
return t
|
||||
}
|
||||
Reference in New Issue
Block a user