From 079dbeaf815285d043bab6eb04518001e536b26b Mon Sep 17 00:00:00 2001
From: keqingmoe
Date: Tue, 31 Dec 2024 01:44:29 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96JWT=E8=A7=A3=E7=A0=81?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91=EF=BC=8C=E6=B7=BB=E5=8A=A0=E9=94=99=E8=AF=AF?=
 =?UTF-8?q?=E5=A4=84=E7=90=86=E4=BB=A5=E9=98=B2=E6=AD=A2=E7=A9=BA=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7ID=E5=AF=BC=E8=87=B4=E7=9A=84=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E6=8B=92=E7=BB=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/jwt/jwt.cpp | 12 +++++++++---
 src/server/auth/delete.c | 5 +++++
 src/server/auth/repasswd.c | 5 +++++
 src/server/study/problems.c | 5 +++++
 src/server/study/sets.c | 5 +++++
 5 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/src/jwt/jwt.cpp b/src/jwt/jwt.cpp
index 33e7701..ec39e4d 100644
--- a/src/jwt/jwt.cpp
+++ b/src/jwt/jwt.cpp
@@ -1,6 +1,8 @@
 #include "jwt.h"
 #include
+#include
+
 #include
@@ -23,9 +25,13 @@
 extern "C"
 auto get_payload(const char* token) -> char*
 {
- auto decoded_token = jwt::decode(token);
- auto payload = decoded_token.get_payload_claim("user_id").as_string();
- return strdup(payload.c_str());
+ try {
+ auto decoded_token = jwt::decode(token);
+ auto payload = decoded_token.get_payload_claim("user_id").as_string();
+ return strdup(payload.c_str());
+ } catch (...) {
+ return nullptr;
+ }
 }
 auto verify_token(const char* token, const char* secret) -> int
diff --git a/src/server/auth/delete.c b/src/server/auth/delete.c
index 8898a20..c081b3f 100644
--- a/src/server/auth/delete.c
+++ b/src/server/auth/delete.c
@@ -82,6 +82,11 @@ int user_delete_handler(mg_connection* conn, void* cbdata)
 }
 char* user_id = get_payload(form.token);
+ if (!user_id) {
+ res_permission_denied(conn);
+ delete_form_dtor(&form);
+ return 1;
+ }
 if (form.user_id && strcmp(user_id, form.user_id)) {
 int perm1;
diff --git a/src/server/auth/repasswd.c b/src/server/auth/repasswd.c
index fe64a37..1a08da4 100644
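Review bot: The new `catch (...)` in get_payload maps every failure — including `std::bad_alloc` and any programming error — onto "no user", and it discards the reason a token was rejected, which is exactly what an operator needs when investigating authentication failures. Catch `const std::exception&` instead (the decode and claim-access errors jwt-cpp raises here appear to derive from it) so unrelated failures still propagate, and consider recording `e.what()` at the call site. The value also comes from `jwt::decode(token)` alone, which parses the payload but does not check the signature — the signature check lives in the separate `verify_token` below — so callers must verify before trusting this string; a header comment would make that contract explicit, e.g. `// Parses the payload WITHOUT verifying the signature; call verify_token first. Returns a strdup'd copy of the "user_id" claim, or nullptr on any decode error (caller frees).` The declaration in jwt.h should document the nullptr return the same way, since every C caller now depends on it.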
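Review bot: The added guard in user_delete_handler only catches a NULL from get_payload; a token whose `user_id` claim is present but empty decodes to `""`, which passes the check and then reaches `strcmp` and the permission lookup as if it were a real identity, even though the commit subject (empty user id) suggests that case is meant to be rejected. Tighten it to `if (!user_id || !*user_id) {` here and in the identical guards added in repasswd.c, problems.c and sets.c. Because the same five lines are now repeated in four handlers, a small helper that wraps get_payload and returns NULL for both the decode-failure and empty-claim cases would keep the check in one place. Note that a non-NULL `user_id` is heap-allocated by strdup inside get_payload, so every later exit of these handlers has to free it; those paths, and the rest of user_delete_handler, are outside the hunk.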
--- a/src/server/auth/repasswd.c
+++ b/src/server/auth/repasswd.c
@@ -150,6 +150,11 @@ int user_repasswd_handler(mg_connection* conn, void* cbdata)
 }
 char* user_id = get_payload(form.token);
+ if (!user_id) {
+ res_permission_denied(conn);
+ repasswd_form_dtor(&form);
+ return 1;
+ }
 if (form.user_id && strcmp(user_id, form.user_id)) {
 impl_others(conn, user_id, &form);
diff --git a/src/server/study/problems.c b/src/server/study/problems.c
index 58d3880..90d0c27 100644
--- a/src/server/study/problems.c
+++ b/src/server/study/problems.c
@@ -255,6 +255,11 @@ int problems_handler(mg_connection* conn, void* cbdata)
 res_need_token(conn);
 } else {
 char* user_id = get_payload(form.token);
+ if (!user_id) {
+ res_permission_denied(conn);
+ problem_form_dtor(&form);
+ return 1;
+ }
 int result;
 int flag = get_user_permission(user_id, &result);
 if (!flag) {
diff --git a/src/server/study/sets.c b/src/server/study/sets.c
index 408bbe9..fbb2ae5 100644
--- a/src/server/study/sets.c
+++ b/src/server/study/sets.c
@@ -204,6 +204,11 @@ int sets_handler(mg_connection* conn, void* cbdata)
 res_need_token(conn);
 } else {
 char* user_id = get_payload(form.token);
+ if (!user_id) {
+ res_permission_denied(conn);
+ set_form_dtor(&form);
+ return 1;
+ }
 int result;
 int flag = get_user_permission(user_id, &result);
 if (!flag) {
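Review bot: In problems_handler the undecodable-token branch answers with `res_permission_denied`, while the missing-token case two lines above answers with `res_need_token`; a token that cannot be decoded (or carries no `user_id` claim) is an authentication failure of the same kind as no token at all, not an authorization decision, so `res_need_token(conn)` or a dedicated invalid-token response would keep the status codes meaningful and let failed-authentication events be told apart from genuine permission denials in logs and monitoring. The same applies to the identical branch added in sets.c, and arguably to delete.c and repasswd.c. Whichever response is kept, a one-line comment such as `/* token present but undecodable or without a user_id claim: treat as unauthenticated */` would record the intent. problems_handler continues outside the hunk.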