fix: use hard-code secret

2022-04-18 08:58:16 +08:00 · 2022-04-18 08:58:16 +08:00 · dfaa55b713
parent 6b6a7f4e40
commit dfaa55b713
2 changed files with 7 additions and 4 deletions
--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@ -11,4 +11,5 @@ spring.flyway.enabled=true
 spring.flyway.baseline-on-migrate=true
 spring.flyway.locations=classpath:db/migration
 # driver directory
-databasir.db.driver-directory=drivers
+databasir.db.driver-directory=drivers
+databasir.jwt.secret=${random.uuid}
--- a/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
@ -5,6 +5,7 @@ import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.JWTVerifier;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;

 import java.time.Instant;
@ -23,10 +24,11 @@ public class JwtTokens {

    private static final String ISSUER = "Databasir";

-    private static final String SECRET = "Databasir2022";
+    @Value("${databasir.jwt.secret}")
+    private String tokenSecret;

    public String accessToken(String username) {
-        Algorithm algorithm = Algorithm.HMAC256(SECRET);
+        Algorithm algorithm = Algorithm.HMAC256(tokenSecret);

        return JWT.create()
                .withExpiresAt(new Date(new Date().getTime() + ACCESS_EXPIRE_TIME))
@ -36,7 +38,7 @@ public class JwtTokens {
    }

    public boolean verify(String token) {
-        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET))
+        JWTVerifier verifier = JWT.require(Algorithm.HMAC256(tokenSecret))
                .withIssuer(ISSUER)
                .build();
        try {