Merge remote-tracking branch 'origin/master' into codex/wechat-mini-program-virtual-payment

# Conflicts: # .hermes/shared-memory/decision-log.md
2026-05-27 20:35:32 +08:00
parent f36b90ebdb a7bba70ca5
commit b43c3cd823
256 changed files with 10164 additions and 6985 deletions
--- a/server-rs/crates/platform-auth/src/lib.rs
+++ b/server-rs/crates/platform-auth/src/lib.rs
@@ -1512,7 +1512,9 @@ impl RuntimeGuestTokenClaims {

        let issued_at_unix = issued_at.unix_timestamp();
        if issued_at_unix < 0 {
-            return Err(JwtError::InvalidClaims("runtime guest JWT iat 不能早于 Unix epoch"));
+            return Err(JwtError::InvalidClaims(
+                "runtime guest JWT iat 不能早于 Unix epoch",
+            ));
        }

        let expires_at = issued_at
@@ -1521,10 +1523,14 @@ impl RuntimeGuestTokenClaims {
                    JwtError::InvalidConfig("runtime guest JWT 过期时间超出 i64 上限")
                })?,
            ))
-            .ok_or(JwtError::InvalidConfig("runtime guest JWT 过期时间计算溢出"))?;
+            .ok_or(JwtError::InvalidConfig(
+                "runtime guest JWT 过期时间计算溢出",
+            ))?;
        let expires_at_unix = expires_at.unix_timestamp();
        if expires_at_unix <= issued_at_unix {
-            return Err(JwtError::InvalidClaims("runtime guest JWT exp 必须晚于 iat"));
+            return Err(JwtError::InvalidClaims(
+                "runtime guest JWT exp 必须晚于 iat",
+            ));
        }

        let claims = Self {
@@ -1563,7 +1569,9 @@ impl RuntimeGuestTokenClaims {
            return Err(JwtError::InvalidClaims("runtime guest JWT typ 非法"));
        }
        if self.exp <= self.iat {
-            return Err(JwtError::InvalidClaims("runtime guest JWT exp 必须晚于 iat"));
+            return Err(JwtError::InvalidClaims(
+                "runtime guest JWT exp 必须晚于 iat",
+            ));
        }
        Ok(())
    }
@@ -1673,7 +1681,9 @@ pub fn verify_runtime_guest_token(
 ) -> Result<RuntimeGuestTokenClaims, JwtError> {
    let token = token.trim();
    if token.is_empty() {
-        return Err(JwtError::VerifyFailed("runtime guest JWT 不能为空".to_string()));
+        return Err(JwtError::VerifyFailed(
+            "runtime guest JWT 不能为空".to_string(),
+        ));
    }

    let mut validation = Validation::new(ACCESS_TOKEN_ALGORITHM);
@@ -2383,7 +2393,10 @@ mod tests {
        assert_eq!(verified.subject(), "guest-runtime-123");
        assert_eq!(verified.scope(), RUNTIME_GUEST_SCOPE_PUBLIC_PLAY);
        assert_eq!(verified.typ, RUNTIME_GUEST_TOKEN_TYPE);
-        assert_eq!(verified.expires_at_unix() - verified.iat, DEFAULT_RUNTIME_GUEST_TOKEN_TTL_SECONDS);
+        assert_eq!(
+            verified.expires_at_unix() - verified.iat,
+            DEFAULT_RUNTIME_GUEST_TOKEN_TTL_SECONDS
+        );
    }

    #[test]