refactor: automatically generate jwt signing key

2024-05-23 11:06:33 +08:00 · 2024-05-23 11:06:33 +08:00 · 638c62da2f
parent 1898675075
commit 638c62da2f
7 changed files with 23 additions and 10 deletions
--- a/center/center.go
+++ b/center/center.go
@ -64,6 +64,8 @@ func Initialize(configDir string, cryptoKey string) (func(), error) {
 	migrate.Migrate(db)
 	models.InitRoot(ctx)

+	config.HTTP.JWTAuth.SigningKey = models.InitJWTSigningKey(ctx)
+
 	err = rsa.InitRSAConfig(ctx, &config.HTTP.RSA)
 	if err != nil {
 		return nil, err
--- a/docker/compose-bridge/etc-nightingale/config.toml
+++ b/docker/compose-bridge/etc-nightingale/config.toml
@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
--- a/docker/compose-host-network-metric-log/etc-nightingale/config.toml
+++ b/docker/compose-host-network-metric-log/etc-nightingale/config.toml
@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
--- a/docker/compose-host-network/etc-nightingale/config.toml
+++ b/docker/compose-host-network/etc-nightingale/config.toml
@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
--- a/docker/compose-postgres/n9eetc_pg/config.toml
+++ b/docker/compose-postgres/n9eetc_pg/config.toml
@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
--- a/etc/config.toml
+++ b/etc/config.toml
@ -55,8 +55,6 @@ Enable = true
 user001 = "ccc26da7b9aba533cbb263a36c07dcc5"

 [HTTP.JWTAuth]
-# signing key
-SigningKey = "5b94a0fd640fe2765af826acfe42d151"
 # unit: min
 AccessExpired = 1500
 # unit: min
--- a/models/configs.go
+++ b/models/configs.go
@ -44,8 +44,29 @@ const (
 	RSA_PRIVATE_KEY = "rsa_private_key"
 	RSA_PUBLIC_KEY  = "rsa_public_key"
 	RSA_PASSWORD    = "rsa_password"
+	JWT_SIGNING_KEY = "jwt_signing_key"
 )

+func InitJWTSigningKey(ctx *ctx.Context) string {
+	val, err := ConfigsGet(ctx, JWT_SIGNING_KEY)
+	if err != nil {
+		log.Fatalln("init jwt signing key in mysql", err)
+	}
+
+	if val != "" {
+		return val
+	}
+
+	content := fmt.Sprintf("%s%d%d%s", runner.Hostname, os.Getpid(), time.Now().UnixNano(), str.RandLetters(6))
+	key := str.MD5(content)
+	err = ConfigsSet(ctx, JWT_SIGNING_KEY, key)
+	if err != nil {
+		log.Fatalln("init jwt signing key in mysql", err)
+	}
+
+	return key
+}
+
 // InitSalt generate random salt
 func InitSalt(ctx *ctx.Context) {
 	val, err := ConfigsGet(ctx, SALT)