From fcf49b52573061acea4094f5cc5600b4b73db398 Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Tue, 3 Mar 2026 08:16:38 -0800
Subject: [PATCH] =?UTF-8?q?fix(admin-service):=20=E6=B3=A8=E5=86=8C=20JwtS?=
 =?UTF-8?q?trategy=20=E8=A7=A3=E5=86=B3=20"Unknown=20authentication=20stra?=
 =?UTF-8?q?tegy"=20=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

admin-service 使用了 @genex/common 的 JwtAuthGuard 保护管理端接口，
但缺少对应的 Passport JWT Strategy 注册。新增轻量级 JwtStrategy，
仅验证 token 签名和提取 payload，不依赖 UserRepository。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .../services/admin-service/src/admin.module.ts |  2 ++
 .../infrastructure/strategies/jwt.strategy.ts  | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 backend/services/admin-service/src/infrastructure/strategies/jwt.strategy.ts

diff --git a/backend/services/admin-service/src/admin.module.ts b/backend/services/admin-service/src/admin.module.ts
index 1ea05fa..9916649 100644
--- a/backend/services/admin-service/src/admin.module.ts
+++ b/backend/services/admin-service/src/admin.module.ts
@@ -17,6 +17,7 @@ import { PACKAGE_PARSER } from './domain/ports/package-parser.interface';
 // Infrastructure
 import { AppVersionRepository } from './infrastructure/persistence/app-version.repository';
 import { PackageParserService } from './infrastructure/parsers/package-parser.service';
+import { JwtStrategy } from './infrastructure/strategies/jwt.strategy';
 
 // Interface - Controllers
 import { AppVersionController } from './interface/http/controllers/app-version.controller';
@@ -57,6 +58,7 @@ import { HealthController } from './interface/http/controllers/health.controller
     AppVersionService,
     FileStorageService,
     { provide: PACKAGE_PARSER, useClass: PackageParserService },
+    JwtStrategy,
   ],
 })
 export class AdminModule {}
diff --git a/backend/services/admin-service/src/infrastructure/strategies/jwt.strategy.ts b/backend/services/admin-service/src/infrastructure/strategies/jwt.strategy.ts
new file mode 100644
index 0000000..9a06d2a
--- /dev/null
+++ b/backend/services/admin-service/src/infrastructure/strategies/jwt.strategy.ts
@@ -0,0 +1,18 @@
+import { Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+  constructor() {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: process.env.JWT_ACCESS_SECRET || 'dev-access-secret',
+    });
+  }
+
+  async validate(payload: { sub: string; role: string; kycLevel: number; type: string }) {
+    return { sub: payload.sub, role: payload.role, kycLevel: payload.kycLevel };
+  }
+}