fix: verify token length (#627)

2026-04-09 00:59:02 +03:00 · 2025-09-02 18:48:17 +08:00
parent 4016715187
commit db75ba4357
1 changed files with 4 additions and 0 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -173,6 +173,10 @@ impl AccessControl {
    fn verify_token<'a>(&'a self, token: &str, path: &str) -> Result<(String, &'a AccessPaths)> {
        let raw = hex::decode(token)?;
        if raw.len() < 72 {
            bail!("Invalid token");
        }
        let sig_bytes = &raw[..64];
        let exp_bytes = &raw[64..72];
        let user_bytes = &raw[72..];