fix: Page Embedding Authentication Vulnerability

Author: fit2cloud-chenyw

backend/apps/system/middleware/auth.py

@@ -169,6 +169,9 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
                     raise Exception(message)
                 assistant_info = await get_assistant_info(session=session, assistant_id=embeddedId)
                 assistant_info = AssistantModel.model_validate(assistant_info)
+                payload = jwt.decode(
+                    param, assistant_info.app_secret, algorithms=[security.ALGORITHM]
+                )
                 assistant_info = AssistantHeader.model_validate(assistant_info.model_dump(exclude_unset=True))
                 return True, session_user, assistant_info
         except Exception as e: