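核心价值在 Edge 环境通过 `crypto.subtle` 验证 RS256 签名,避免引入重型依赖。对 `exp/aud/iss` 进行严格校验并与 Cookie 会话结合,提升安全性与一致性。

验证实现

export const runtime = 'edge'

/**
 * Identity provider's public verification key as a JWK. Only the public
 * components (`n`, `e`) are present; the private key stays with the IdP.
 * 'BASE64URL_N' is a placeholder for the real base64url-encoded modulus.
 */
const JWK: JsonWebKey = { kty: 'RSA', n: 'BASE64URL_N', e: 'AQAB' }
/** Expected `aud` claim for tokens accepted by this route. */
const AUD = 'web'
/** Expected `iss` claim for tokens accepted by this route. */
const ISS = 'https://auth.example.com'

/** Decoded JWT payload. Claim types are checked by the handler, not assumed. */
type Claims = Record<string, unknown>

/**
 * Decode an unpadded base64url string (RFC 4648 §5) into raw bytes.
 * @param input base64url text, e.g. a JWS segment
 * @returns the decoded bytes
 * @throws the `atob` error when `input` is not valid base64
 */
function b64urlToBytes(input: string): Uint8Array {
  const b64 = input.replace(/-/g, '+').replace(/_/g, '/')
  const pad = b64.length % 4 === 0 ? '' : '='.repeat(4 - (b64.length % 4))
  const raw = atob(b64 + pad)
  const buf = new Uint8Array(raw.length)
  for (let i = 0; i < raw.length; i++) buf[i] = raw.charCodeAt(i)
  return buf
}

/** Cached key import so the JWK is parsed once per isolate, not once per request. */
let keyPromise: Promise<CryptoKey> | undefined

/** Import (or reuse) the RS256 verification key; `extractable` stays false. */
function getVerifyKey(): Promise<CryptoKey> {
  if (keyPromise === undefined) {
    keyPromise = crypto.subtle.importKey(
      'jwk',
      JWK,
      { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' },
      false,
      ['verify'],
    )
  }
  return keyPromise
}

/**
 * Check the `aud` claim against the expected audience.
 * RFC 7519 allows `aud` to be a single string or an array of strings.
 * @param aud raw `aud` claim from the payload
 * @param expected audience this route accepts
 * @returns true only when `expected` is (or is contained in) `aud`
 */
function audienceMatches(aud: unknown, expected: string): boolean {
  if (typeof aud === 'string') return aud === expected
  return Array.isArray(aud) && aud.includes(expected)
}

/**
 * Verify the RS256 signature of a compact JWS and return its decoded payload.
 * Only structure, `alg` and the signature are checked here; `exp`/`nbf`/`aud`/`iss`
 * are enforced by the caller. Any malformed input (wrong segment count, bad
 * base64, bad JSON) yields `null` instead of throwing, so the route answers
 * 401 rather than 500 on garbage tokens.
 * @param jwt compact-serialized token `header.payload.signature`
 * @returns the payload object, or `null` when the token is not acceptable
 */
async function verifyRS256(jwt: string): Promise<Claims | null> {
  const parts = jwt.split('.')
  // A compact JWS has exactly three segments; extra or empty segments are rejected.
  if (parts.length !== 3) return null
  const [h, p, s] = parts
  if (!h || !p || !s) return null
  try {
    // Reject tokens whose header names a different algorithm, even though the
    // imported key could only ever verify RS256 anyway.
    const header: unknown = JSON.parse(new TextDecoder().decode(b64urlToBytes(h)))
    if (typeof header !== 'object' || header === null) return null
    if ((header as Record<string, unknown>).alg !== 'RS256') return null

    const data = new TextEncoder().encode(`${h}.${p}`)
    const sig = b64urlToBytes(s)
    const ok = await crypto.subtle.verify('RSASSA-PKCS1-v1_5', await getVerifyKey(), sig, data)
    if (!ok) return null

    const payload: unknown = JSON.parse(new TextDecoder().decode(b64urlToBytes(p)))
    if (typeof payload !== 'object' || payload === null || Array.isArray(payload)) return null
    return payload as Claims
  } catch {
    // atob / JSON.parse failures mean "not a valid token", not a server error.
    return null
  }
}

/**
 * Edge route: exchange a valid Bearer JWT for a session cookie.
 * Responds 401 when the token is missing, unverifiable, expired, not yet valid,
 * or issued for a different audience/issuer.
 * @param req incoming request carrying `Authorization: Bearer <jwt>`
 * @returns JSON `{ ok, sub }` with a `Set-Cookie` header, or a 401 response
 */
export async function GET(req: Request): Promise<Response> {
  const auth = req.headers.get('authorization') ?? ''
  const token = auth.startsWith('Bearer ') ? auth.slice('Bearer '.length) : ''
  const payload = token ? await verifyRS256(token) : null
  if (!payload) return new Response('Unauthorized', { status: 401 })

  const now = Math.floor(Date.now() / 1000)
  // `exp` is required: a token without it would otherwise be accepted forever.
  if (typeof payload.exp !== 'number') return new Response('Unauthorized', { status: 401 })
  if (now >= payload.exp) return new Response('Expired', { status: 401 })
  // `nbf` is optional, but when present the token must not be used early.
  if (typeof payload.nbf === 'number' && now < payload.nbf) return new Response('Unauthorized', { status: 401 })
  if (!audienceMatches(payload.aud, AUD) || payload.iss !== ISS) return new Response('Unauthorized', { status: 401 })

  // NOTE(review): `sid` is minted here but nothing visible binds it to `sub` in a
  // server-side store — confirm the session backend that consumes this cookie.
  const sid = crypto.randomUUID()
  // Only add `Secure` when served over TLS so local http development keeps working.
  const secure = new URL(req.url).protocol === 'https:' ? '; Secure' : ''
  return Response.json(
    { ok: true, sub: payload.sub },
    {
      headers: {
        'Set-Cookie': `sid=${sid}; Path=/; HttpOnly; SameSite=Lax${secure}`,
        'Cache-Control': 'no-store',
      },
    },
  )
}

治理建议

使用 JWK 公钥验证 RS256,私钥只在身份提供方;对 `kid` 做密钥轮换管理。会话 Cookie 设置 `HttpOnly/SameSite`,必要时 `Secure`;与 CSRF 防护协同。

结论

在 Edge 路由中以原生 Web Crypto 验证 JWT 并结合 Cookie 会话治理,具备高性能与低依赖的优势,适合现代前端架构的安全入口。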
