fixed

deatil · deatil · commit ea49a7117231 · 2025-07-02T11:20:57.000+08:00
diff --git a/build.zig.zon b/build.zig.zon
@@ -1,7 +1,7 @@
 .{
     .name = .zig_jwt,
     .description = "A JWT (JSON Web Token) library for zig.",
-    .version = "1.2.8",
+    .version = "1.2.9",
     .fingerprint = 0x30a5aec248bd7ac3, 
     .minimum_zig_version = "0.15.0-dev.337+4e700fdf8",
     .dependencies = .{},
diff --git a/src/jwt.zig b/src/jwt.zig
@@ -48,6 +48,7 @@ pub const SigningMethodNone = JWT(none.SigningNone, []const u8, []const u8);
 pub const Error = error{
     JWTVerifyFail,
     JWTSigningMethodNotExists,
+    JWTTokenInvalid,
     JWTTypeInvalid,
     JWTAlgoInvalid,
 };
@@ -110,6 +111,12 @@ pub fn JWT(comptime Signer: type, comptime SignKeyType: type, comptime VerifyKey
             var t = Token.init(self.alloc);
             t.parse(token_string);
 
+            if (t.getPartCount() < 2) {
+                defer t.deinit();
+
+                return Error.JWTTokenInvalid;
+            }
+
             var header = try t.getHeader();
             defer header.deinit(self.alloc);
 
@@ -145,6 +152,7 @@ pub fn JWT(comptime Signer: type, comptime SignKeyType: type, comptime VerifyKey
             return t;
         }
 
+        // build token
         pub fn build(self: Self) BuilderType {
             return BuilderType.init(self.alloc);
         }
diff --git a/src/jwt_test.zig b/src/jwt_test.zig
@@ -1444,6 +1444,23 @@ test "SigningMethodEdDSA type" {
     try testing.expectEqualStrings(headers.alg, headers2.alg);
 }
 
+test "SigningMethodEdDSA JWTTokenInvalid" {
+    const alloc = testing.allocator;
+
+    const kp = jwt.eddsa.Ed25519.KeyPair.generate();
+
+    const token_string = "eyJhbGciOiJFRDI1NTE5IiwidHlwIjoiSldUIn0";
+
+    const p = jwt.SigningMethodEdDSA.init(alloc);
+
+    var need_true: bool = false;
+    _ = p.parse(token_string, kp.public_key) catch |err| {
+        need_true = true;
+        try testing.expectEqual(jwt.Error.JWTTokenInvalid, err);
+    };
+    try testing.expectEqual(true, need_true);
+}
+
 test "SigningMethodEdDSA JWTTypeInvalid" {
     const alloc = testing.allocator;
 
diff --git a/src/rsa/rsa.zig b/src/rsa/rsa.zig
@@ -24,6 +24,10 @@ pub const PublicKey = struct {
 
     const Self = @This();
 
+    pub fn size(self: Self) usize {
+        return byteLen(self.n.bits());
+    }
+
     pub fn fromBytes(mod: []const u8, exp: []const u8) !PublicKey {
         const n = try Modulus.fromBytes(mod, .big);
         if (n.bits() <= 512) return error.InsecureBitCount;
@@ -1138,6 +1142,8 @@ test "rsa PKCS1-v1_5 encrypt and decrypt" {
 
     try std.testing.expectEqualSlices(u8, msg, dec);
 
+    try std.testing.expectEqual(256, kp.public_key.size());
+
     // ==========
 
     const check2 = "907052e0ee7f8f92990751c3432c73a3450a7dece61ba1876169875dc9b28b4aa40699c8377141ed021a92c1ab623d734e8cf1010814eb7fc26321c7b037cc467c0f2b9029c4fc082387c7dedb718dda3251b3b2a7f06871d446be2df051e2013d3726af7002a5e487559cf36ea6a11bacdfb12dc35cc9285bfed8906fac3c0c8a1a69bbdc8f834e5f1a766e13792dcc202bf48e7eb6aca78f8df4904b59d2d09b5eaaf58903217b1d0d21fb66e5e44836b422500a2c9d5e0f37232544dc32a0d1ec33e32c4b113057441097f936a6e7b4f49be6b7fb7240b0f982aee9b3fde4708fb7dfe365b9576bcd0fd0120a50658c76c2e0361b82fbf60a423b363dd354";
@@ -1307,6 +1313,9 @@ fn test_sign_with_key_der(prikey: []const u8, pubkey: []const u8) !void {
     const pri_key = try SecretKey.fromDerAuto(prikey_bytes);
     const pub_key = try PublicKey.fromDerAuto(pubkey_bytes);
 
+    try std.testing.expectEqual(256, pri_key.public_key.size());
+    try std.testing.expectEqual(256, pub_key.size());
+
     const msg = "rsa PSS signature";
     var out: [max_modulus_len]u8 = undefined;
 
diff --git a/src/token.zig b/src/token.zig
@@ -130,6 +130,11 @@ pub const Token = struct {
         return self.alloc.dupe(u8, self.msg);
     }
 
+    pub fn getPartCount(self: *Self) usize {
+        const count = std.mem.count(u8, self.raw, ".");
+        return count + 1;
+    }
+
     fn getRawNoSignature(self: *Self) ![]const u8 {
         const count = std.mem.count(u8, self.raw, ".");
         if (count <= 1) {
@@ -270,6 +275,9 @@ test "Token" {
     defer alloc.free(signature2);
     try testing.expectEqual(0, signature2.len);
 
+    const partCount = token2.getPartCount();
+    try testing.expectEqual(2, partCount);
+
     // ====================
 
     var token3 = Token.init(alloc);
@@ -299,6 +307,9 @@ test "Token" {
     defer alloc.free(token5);
     try testing.expectEqualStrings(check1, token5);
 
+    const partCount2 = token3.getPartCount();
+    try testing.expectEqual(3, partCount2);
+
     // ====================
 
     const check3 = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9";
@@ -315,6 +326,9 @@ test "Token" {
     const sig6 = try token6.getMsg();
     defer alloc.free(sig6);
     try testing.expectEqualStrings(check3, sig6);
+
+    const partCount6 = token6.getPartCount();
+    try testing.expectEqual(1, partCount6);
 }
 
 test "Token 2" {
