fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性

2026-03-10 17:43:55 +08:00
parent 5d839192ab
commit 95d6927724
4 changed files with 177 additions and 310 deletions
@@ -8,6 +8,7 @@ from pydantic import (
    AnyHttpUrl,
    BaseModel,
    Field,
+    SecretStr,
    computed_field,
    field_validator,
    model_validator,
@@ -126,9 +127,9 @@ class SupabaseSettings(BaseModel):
    public_url: AnyHttpUrl
    anon_key: str = "CHANGE_ME"
    service_role_key: str = "CHANGE_ME"
-    jwt_audience: str = "authenticated"
+    jwt_secret: SecretStr | None = Field(default=None, exclude=True)
+    jwt_algorithm: Literal["HS256"] = "HS256"
    jwt_issuer: str | None = None
-    jwks_url: str | None = None

    @model_validator(mode="after")
    def compute_defaults(self) -> "SupabaseSettings":
@@ -136,9 +137,6 @@ class SupabaseSettings(BaseModel):
        if self.jwt_issuer is None:
            self.jwt_issuer = f"{base}/auth/v1"

-        if self.jwks_url is None:
-            self.jwks_url = f"{self.jwt_issuer}/.well-known/jwks.json"
-
        return self

    @computed_field