@@ -21,15 +21,18 @@ fn verify_with_key_str(
2121pub fn verify_jwt_token ( token_str : & str ) -> Result < BTreeMap < String , String > , jwt:: Error > {
2222 let toml_cfg = get_config_content ( ) ;
2323 let parsed_toml = toml_cfg. parse :: < Table > ( ) . unwrap ( ) ;
24- let key_str = parsed_toml[ "jwt_secret" ] . as_str ( ) . unwrap ( ) ;
2524
26- match verify_with_key_str ( token_str, key_str) {
27- Ok ( claims) => {
28- debug_log ! ( "email: {}" , claims[ "email" ] ) ;
29- return Ok ( claims) ;
30- }
31- Err ( e) => {
32- debug_log ! ( "JWT verification with jwt_secret failed: {:?}" , e) ;
25+ // If only unified_secret is configured, it serves as jwt_secret as well.
26+ // Try jwt_secret first, then fall through to unified_secret.
27+ if let Some ( key_str) = parsed_toml. get ( "jwt_secret" ) . and_then ( |v| v. as_str ( ) ) {
28+ match verify_with_key_str ( token_str, key_str) {
29+ Ok ( claims) => {
30+ debug_log ! ( "email: {}" , claims[ "email" ] ) ;
31+ return Ok ( claims) ;
32+ }
33+ Err ( e) => {
34+ debug_log ! ( "JWT verification with jwt_secret failed: {:?}" , e) ;
35+ }
3336 }
3437 }
3538
@@ -64,7 +67,12 @@ pub fn generate_jwt_secret() {
6467pub fn generate_jwt_token ( email : & str ) -> Result < String , jwt:: Error > {
6568 let toml_cfg = get_config_content ( ) ;
6669 let parsed_toml = toml_cfg. parse :: < Table > ( ) . unwrap ( ) ;
67- let key_str = parsed_toml[ "jwt_secret" ] . as_str ( ) . unwrap ( ) ;
70+ // For token generation, prefer jwt_secret, fall back to unified_secret
71+ let key_str = parsed_toml
72+ . get ( "jwt_secret" )
73+ . or_else ( || parsed_toml. get ( "unified_secret" ) )
74+ . and_then ( |v| v. as_str ( ) )
75+ . expect ( "config must define jwt_secret or unified_secret" ) ;
6876 let key: Hmac < Sha256 > = Hmac :: new_from_slice ( key_str. as_bytes ( ) ) ?;
6977 let mut claims = BTreeMap :: new ( ) ;
7078 claims. insert ( "email" . to_string ( ) , email. to_string ( ) ) ;
0 commit comments