fix(server): random generate default value (apache#2568)

Co-authored-by: imbajin <jin@apache.org>
haohao0103 · Jul 14, 2024 · 03b40a5 · 03b40a5
1 parent cedc000
commit 03b40a5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/...ph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/...ph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
@@ -107,6 +107,7 @@ public StandardAuthManager(HugeGraphParams graph) {
  HugeAccess::fromEdge);
 
  this.tokenGenerator = new TokenGenerator(config);
+ LOG.info("Randomly generate a JWT secret key now");
 
  this.ipWhiteList = new HashSet<>();
 

diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -21,6 +21,9 @@
 import static org.apache.hugegraph.config.OptionChecker.rangeDouble;
 import static org.apache.hugegraph.config.OptionChecker.rangeInt;
 
+import java.security.SecureRandom;
+import java.util.Base64;
+
 public class AuthOptions extends OptionHolder {
 
  private AuthOptions() {
@@ -90,7 +93,7 @@ public static synchronized AuthOptions instance() {
  "auth.token_secret",
  "Secret key of HS256 algorithm.",
  disallowEmpty(),
- "FXQXbJtbCLxODc6tGci732pkH1cyf8Qg"
+ generateRandomBase64Key()
  );
 
  public static final ConfigOption<Double> AUTH_AUDIT_LOG_RATE =
@@ -126,4 +129,12 @@ public static synchronized AuthOptions instance() {
  rangeInt(0L, Long.MAX_VALUE),
  (3600 * 24L)
  );
+
+ private static String generateRandomBase64Key() {
+ SecureRandom random = new SecureRandom();
+ // 32 bytes for HMAC-SHA256
+ byte[] bytes = new byte[32];
+ random.nextBytes(bytes);
+ return Base64.getEncoder().encodeToString(bytes);
+ }
 }