JWT Security Vulnerabilities

Common JWT Attacks

1. None Algorithm Attack

import jwt

# The attacker rewrites the header to {"alg": "none"} and drops the signature
token = "eyJhbGciOiAibm9uZSJ9.eyJ1c2VyX2lkIjogMX0."
# Some older library versions accept the none algorithm!

secret = "REPLACE_WITH_SERVER_SECRET"  # placeholder for the server's real HS256 key

# ✅ Secure: pin the allowed algorithms. PyJWT then refuses the "none" header
# with jwt.InvalidAlgorithmError instead of treating the token as valid.
jwt.decode(token, secret, algorithms=["HS256"])

2. Weak Secret Brute-Forcing

import jwt

# token: an HS256-signed token the attacker has captured
# The attacker tries common secrets against it
common_secrets = ["secret", "password", "123456", "key", "jwt_secret"]
for s in common_secrets:
    try:
        payload = jwt.decode(token, s, algorithms=["HS256"])
        print(f"密鑰找到了: {s}")
        break
    except jwt.InvalidTokenError:
        # Wrong secret: the signature check fails, try the next candidate
        pass
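An added example (not from the original page) showing the defensive side of sections 1 and 2 with only the Python standard library: a verifier that ignores the token's own alg claim, rejects the none-algorithm token shown above, compares the HMAC in constant time, checks exp, and refuses HMAC secrets shorter than 256 bits (the RFC 7518 minimum for HS256). The allowlist, secret length constant and sample secret are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ALLOWED_ALGS = {"HS256"}      # server-side allowlist; the token never chooses
MIN_SECRET_BYTES = 32         # RFC 7518 s3.2: HS256 keys must be >= 256 bits

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue an HS256 token; refuses secrets too short for the algorithm."""
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("secret too short for HS256")
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Verify a token: pinned algorithm, constant-time MAC compare, exp check."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        raise ValueError("malformed token")
    # The alg field is attacker-controlled: "none" or anything outside the allowlist is rejected
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body_b64))
    current = now if now is not None else time.time()
    if "exp" in payload and current >= payload["exp"]:
        raise ValueError("token expired")
    return payload

def rejection_reason(token: str, secret: bytes, now: Optional[float] = None) -> Optional[str]:
    """None if the token verifies, otherwise the reason it was rejected."""
    try:
        verify_hs256(token, secret, now)
        return None
    except ValueError as e:
        return str(e)
```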

3. Vibe Prompt

"Help me implement a secure JWT authentication middleware: use RS256 (asymmetric signing), set a short expiry, and add a Refresh Token mechanism."

from fastapi import FastAPI, Depends, HTTPException
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
import jwt, time

app = FastAPI()
security = HTTPBearer()

# RS256: sign with the private key, verify with the public key only
PRIVATE_KEY = open("private.pem").read()
PUBLIC_KEY = open("public.pem").read()

def create_access_token(user_id: int) -> str:
    now = time.time()
    return jwt.encode({
        "user_id": user_id,
        "exp": now + 3600,  # 1 hour
        "iat": now
    }, PRIVATE_KEY, algorithm="RS256")

def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> int:
    try:
        payload = jwt.decode(
            credentials.credentials, PUBLIC_KEY,
            algorithms=["RS256"]  # pinned: a header claiming "none" or HS256 is rejected
        )
        return payload["user_id"]
    except jwt.ExpiredSignatureError:
        raise HTTPException(401, "Token 已過期")
    except jwt.InvalidTokenError:
        raise HTTPException(401, "無效 Token")

@app.get("/me")
def get_me(user_id: int = Depends(verify_token)):
    return {"user_id": user_id}
