Update auth.go

internal/middleware/grpc/auth.go

@@ -2,13 +2,14 @@ package grpc
 
 import (
 	"context"
-	"framework_v2/internal/providers/jwks"
-	"framework_v2/models"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/auth"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/logging"
 	"github.com/mitchellh/mapstructure"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"leafdev.top/leaf/rag/consts"
+	"leafdev.top/leaf/rag/internal/providers/jwks"
+	"leafdev.top/leaf/rag/models"
 )
 
 func JwtAuth(ctx context.Context) (context.Context, error) {
@@ -17,8 +18,8 @@ func JwtAuth(ctx context.Context) (context.Context, error) {
 		return nil, err
 	}
 
-	sub := "anonymous"
-	var jwtIdToken *models.User
+	sub := consts.AnonymousUser
+	var jwtIdToken = &models.User{}
 
 	if config.DebugMode.Enable {
 		jwtIdToken.Token.Sub = sub
@@ -32,6 +33,18 @@ func JwtAuth(ctx context.Context) (context.Context, error) {
 			return nil, status.Errorf(codes.Unauthenticated, "unable get token sub: %v", err)
 		}
 
+		// 如果 token.Header 中没有 typ
+		if token.Header["typ"] == "" {
+			return nil, consts.ErrEmptyResponse
+		}
+
+		// must id token
+		if token.Header["typ"] != "id_token" {
+			return nil, consts.ErrTokenError
+		}
+
+		jwtIdToken.Valid = true
+
 		err = mapstructure.Decode(token.Claims, &jwtIdToken)
 		if err != nil {
 			logger.Error("Failed to map token claims to JwtIDToken struct.\nError: " + err.Error())