gitea-mcp/Config/JwtOptions.cs

namespace GiteaMcp.Config;

/// <summary>
/// JWT 验签配置，与 nas-auth / obsidian-mcp 共用同款 HS256 对称密钥。
/// ValidIssuer = auth.zhengchentao.win，ValidAudience = gitea。
/// </summary>
public class JwtOptions
{
    public const string SectionName = "Jwt";

    public string Issuer { get; set; } = "https://auth.zhengchentao.win";
    public string Audience { get; set; } = "gitea";

    /// <summary>当前签名密钥（HS256 对称密钥，base64 或原文均可，长度 >= 32 字节）</summary>
    public string SigningKeyCurrent { get; set; } = string.Empty;

    /// <summary>
    /// 上一轮密钥（轮换窗口内保留，允许旧 Token 继续使用）。
    /// 留空表示不存在旧密钥。
    /// </summary>
    public string SigningKeyPrevious { get; set; } = string.Empty;
}