tdpeuter/open-webui
tdpeuter/open-webui
1
Fork 0
forked from open-webui/open-webui
Code Issues Pull requests 1 Projects 1 Releases 2 Packages 1 Activity Actions

We should verify signatures to make the whole session secret meaningful.

Browse source
This commit is contained in:
Tim Farrell 2024-02-01 13:46:45 -06:00
parent 03a7e35967
commit 2c1dacb9b6
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/utils/utils.py
View file

@ -48,7 +48,7 @@ def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> st
def decode_token(token: str) -> Optional[dict]: def decode_token(token: str) -> Optional[dict]:
try: try:
decoded = jwt.decode(token, SESSION_SECRET, options={"verify_signature": False}) decoded = jwt.decode(token, SESSION_SECRET)
return decoded return decoded
except Exception as e: except Exception as e:
return None return None