diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
index 6f84cbf290..103c58afca 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
@@ -107,6 +107,7 @@ public StandardAuthManager(HugeGraphParams graph) {
                                          HugeAccess::fromEdge);
         this.tokenGenerator = new TokenGenerator(config);
+        LOG.info("Randomly generate a JWT secret key now");
         this.ipWhiteList = new HashSet<>();
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
index af04934610..c996082dab 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -21,6 +21,9 @@
 import static org.apache.hugegraph.config.OptionChecker.rangeDouble;
 import static org.apache.hugegraph.config.OptionChecker.rangeInt;
+import java.security.SecureRandom;
+import java.util.Base64;
+
 public class AuthOptions extends OptionHolder {
     private AuthOptions() {
@@ -90,7 +93,7 @@ public static synchronized AuthOptions instance() {
                     "auth.token_secret",
                     "Secret key of HS256 algorithm.",
                     disallowEmpty(),
-                    "FXQXbJtbCLxODc6tGci732pkH1cyf8Qg"
+                    generateRandomBase64Key()
             );
     public static final ConfigOption AUTH_AUDIT_LOG_RATE =
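Review bot: The added `LOG.info("Randomly generate a JWT secret key now")` runs on every `StandardAuthManager` construction, whether or not `auth.token_secret` was set in the configuration, so an operator who configured a fixed secret is told a random one was generated. The message is also emitted here rather than where the key is actually produced (the `AuthOptions` default in the other file), so it cannot know which case applies; gate it on whether the configured value is the generated default, or move it next to the generation, and consider `LOG.warn`, since a random secret means issued tokens do not survive a restart. The constructor begins and ends outside this hunk.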
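Review bot: The new default `generateRandomBase64Key()` is evaluated once when `AuthOptions` is class-initialized, so each server process that leaves `auth.token_secret` unset ends up with a different secret: tokens issued before a restart stop verifying, and in a multi-node deployment a token signed by one node is rejected by the others. Dropping the hard-coded default is the right change; what is missing is the operational consequence in the option description, e.g. `"Secret key of HS256 algorithm. If not set, a random key is generated at each startup; set it explicitly to keep tokens valid across restarts and across nodes."`. The same caveat belongs in a Javadoc on the generating method in the last hunk.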
@@ -126,4 +129,12 @@ public static synchronized AuthOptions instance() {
                     rangeInt(0L, Long.MAX_VALUE),
                     (3600 * 24L)
             );
+
+    private static String generateRandomBase64Key() {
+        SecureRandom random = new SecureRandom();
+        // 32 bytes for HMAC-SHA256
+        byte[] bytes = new byte[32];
+        random.nextBytes(bytes);
+        return Base64.getEncoder().encodeToString(bytes);
+    }
 }
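Review bot: `generateRandomBase64Key()` has no Javadoc although it alone decides the strength and lifetime of the default token secret; a header such as `/** Default for auth.token_secret: 32 SecureRandom bytes, Base64-encoded (44 chars), computed once at class initialization. */` would make both explicit. Whether `TokenGenerator` decodes the Base64 text or uses the string's bytes directly as HMAC key material is not visible here; if it is the latter, the comment `// 32 bytes for HMAC-SHA256` describes the entropy rather than the key length handed to the MAC, which is worth stating so nobody later "fixes" it by shortening the array. The enclosing class `AuthOptions` begins outside this hunk.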