From dfaa55b7134c56d140a04bb97917b195335138ae Mon Sep 17 00:00:00 2001
From: vran
Date: Mon, 18 Apr 2022 08:58:16 +0800
Subject: [PATCH] fix: use hard-code secret
---
 api/src/main/resources/application.properties | 3 ++-
 .../com/databasir/core/infrastructure/jwt/JwtTokens.java | 8 +++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/api/src/main/resources/application.properties b/api/src/main/resources/application.properties
index 89200d7..baf91d4 100644
--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -11,4 +11,5 @@ spring.flyway.enabled=true
 spring.flyway.baseline-on-migrate=true
 spring.flyway.locations=classpath:db/migration
 # driver directory
-databasir.db.driver-directory=drivers
\ No newline at end of file
+databasir.db.driver-directory=drivers
+databasir.jwt.secret=${random.uuid}
\ No newline at end of file
diff --git a/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java b/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
index 81fbcb7..e3e046f 100644
--- a/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
@@ -5,6 +5,7 @@ import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.JWTVerifier;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import java.time.Instant;
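Review bot: In application.properties the new default `databasir.jwt.secret=${random.uuid}` produces a different signing key on every process start, so a restart invalidates all outstanding tokens and two instances of the service would reject each other's tokens. Spring's random property source is, as far as I know, also evaluated per lookup, so a second injection point for this property would likely receive a different value than JwtTokens does. The file should say this next to the property, for example `# random per start; for production set a stable secret of at least 32 random bytes via environment or secret store`, so operators know to override the default rather than rely on it.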
@@ -23,10 +24,11 @@ public class JwtTokens {
 private static final String ISSUER = "Databasir";
- private static final String SECRET = "Databasir2022";
+ @Value("${databasir.jwt.secret}")
+ private String tokenSecret;
 public String accessToken(String username) {
- Algorithm algorithm = Algorithm.HMAC256(SECRET);
+ Algorithm algorithm = Algorithm.HMAC256(tokenSecret);
 return JWT.create()
 .withExpiresAt(new Date(new Date().getTime() + ACCESS_EXPIRE_TIME))
@@ -36,7 +38,7 @@ public class JwtTokens {
 }
 public boolean verify(String token) {
- JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET))
+ JWTVerifier verifier = JWT.require(Algorithm.HMAC256(tokenSecret))
 .withIssuer(ISSUER)
 .build();
 try {
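Review bot: `tokenSecret` is injected and handed straight to `Algorithm.HMAC256(...)` in `accessToken`, and again in `verify` in the following hunk, with no check on what an operator configured, so an overridden value that is short or guessable silently becomes the HS256 signing key. RFC 7518 asks for an HS256 key at least as long as the hash output (32 bytes); the UUID default passes a length check, but an arbitrary override may not. A startup check that fails fast on a too-short secret would catch this before any token is issued, as sketched below. Both method bodies continue outside their hunks.

```java
@Value("${databasir.jwt.secret}")
private String tokenSecret;

@PostConstruct
void validateSecret() {
    // HS256 needs a key at least as long as the hash output (32 bytes).
    if (tokenSecret == null
            || tokenSecret.getBytes(StandardCharsets.UTF_8).length < 32) {
        throw new IllegalStateException(
                "databasir.jwt.secret must be at least 32 bytes");
    }
}
// … unchanged: accessToken and verify …
```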