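// Implementation example
/**
 * Record of an issued token as seen by the policy check below.
 * `created` / `expires` are compared directly against `now`, while the
 * leeway is given in seconds and scaled by 1000, so all three timestamps
 * are expected in milliseconds.
 */
type Token = {
  id: string;
  scope: string;
  created: number;
  expires: number;
  perms: string[];
};

/**
 * Accepts only an npm-style scope: `@` followed by one or more lowercase
 * letters, digits, `_` or `-`. Uppercase letters, dots and an empty name
 * are rejected.
 */
function validScope(s: string): boolean {
  return /^@[a-z0-9_\-]+$/.test(s);
}

/**
 * True only for the least-privilege permission set: exactly one entry and
 * that entry is `read:packages`. Any extra or different permission fails.
 */
function minimalPerms(perms: string[]): boolean {
  return perms.length === 1 && perms[0] === 'read:packages';
}

/**
 * Detection helper: reports whether `s` contains a credential of a known
 * shape (`ghp_` or `npm_` prefix followed by exactly 36 alphanumerics).
 * This helper is not called by `evaluate`; it is provided for callers that
 * scan logs or configuration for secrets that should be revoked.
 */
function leaked(s: string): boolean {
  return /(ghp_[A-Za-z0-9]{36}|npm_[A-Za-z0-9]{36})/.test(s);
}

/**
 * Checks that `now` lies inside [created, expires], widened on both sides by
 * `leewaySec` seconds to absorb clock skew between issuer and verifier.
 * A window whose end is not strictly after its start is never valid.
 */
function within(created: number, expires: number, now: number, leewaySec: number): boolean {
  if (expires <= created) return false;
  const leewayMs = leewaySec * 1000;
  return now + leewayMs >= created && now - leewayMs <= expires;
}

/**
 * Evaluates a token against the policy: valid scope, minimal permissions and
 * an active time window. Any failure yields `ok: false` and a single
 * `rotate` action; a passing token yields no actions.
 *
 * @param t - the token record to check
 * @param now - current time, in the same units as `t.created` / `t.expires`
 * @param leewaySec - clock-skew tolerance in seconds; defaults to 60, the
 *   value that was previously hard-coded, so existing callers are unaffected
 */
function evaluate(t: Token, now: number, leewaySec: number = 60): { ok: boolean; actions: string[] } {
  const actions: string[] = [];
  const ok =
    validScope(t.scope) &&
    minimalPerms(t.perms) &&
    within(t.created, t.expires, now, leewaySec);
  if (!ok) actions.push('rotate');
  return { ok, actions };
}

/*
 * Audit and operational governance: record each token's scope, permissions
 * and time window; anomalies trigger revocation and rotation, with fallback
 * to a trusted configuration. High-privilege tokens are forbidden in build
 * environments; read-only is the default.
 */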
