From c452ae81d169d3b8672ed35439cc50b8492e2765 Mon Sep 17 00:00:00 2001
From: iven <iven_h@qq.com>
Date: Wed, 6 May 2026 10:21:25 +0800
Subject: [PATCH] =?UTF-8?q?fix(health):=20OAuth=20JWT=20=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E7=BC=BA=E5=A4=B1=E8=BF=94=E5=9B=9E=E9=94=99=E8=AF=AF=E8=80=8C?=
 =?UTF-8?q?=E9=9D=9E=20panic?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/erp-health/src/oauth/handler.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/crates/erp-health/src/oauth/handler.rs b/crates/erp-health/src/oauth/handler.rs
index c0b216d..ebc30e7 100644
--- a/crates/erp-health/src/oauth/handler.rs
+++ b/crates/erp-health/src/oauth/handler.rs
@@ -18,8 +18,16 @@ pub async fn token(
     State(state): State<HealthState>,
     Json(req): Json<TokenRequest>,
 ) -> Result<(StatusCode, Json<TokenResponse>), (StatusCode, Json<TokenErrorResponse>)> {
-    let jwt_secret = std::env::var("ERP__AUTH__JWT_SECRET")
-        .expect("ERP__AUTH__JWT_SECRET 环境变量未设置 — 无法签发 OAuth token");
+    let jwt_secret = match std::env::var("ERP__AUTH__JWT_SECRET") {
+        Ok(s) => s,
+        Err(_) => {
+            tracing::error!("ERP__AUTH__JWT_SECRET 环境变量未设置 — 无法签发 OAuth token");
+            return Err((
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Json(TokenErrorResponse::invalid_client("服务配置错误")),
+            ));
+        }
+    };
 
     match OAuthService::token(&state.db, &req, &jwt_secret).await {
         Ok(resp) => Ok((StatusCode::OK, Json(resp))),