tomsun28 commented on code in PR #3604:
URL: https://github.com/apache/hertzbeat/pull/3604#discussion_r2264565627
##########
hertzbeat-manager/src/main/java/org/apache/hertzbeat/manager/config/ConfigInitializer.java:
##########
@@ -111,29 +115,38 @@ public void initConfig() {
TemplateConfig templateConfig = templateConfigService.getConfig();
appService.updateCustomTemplateConfig(templateConfig);
// for system secrets
+ boolean needUpdate = false;
+ SystemSecret.SystemSecretBuilder builder = SystemSecret.builder();
if (DEFAULT_JWT_SECRET.equals(currentJwtSecret)) {
// use the random jwt secret
SystemSecret systemSecret = systemSecretService.getConfig();
if (systemSecret == null ||
StringUtils.isBlank(systemSecret.getJwtSecret())) {
- char[] chars = DEFAULT_JWT_SECRET.toCharArray();
- Random rand = new Random();
- for (int i = 0; i < chars.length; i++) {
- int index = rand.nextInt(chars.length);
- char temp = chars[i];
- chars[i] = chars[index];
- chars[index] = temp;
- }
- currentJwtSecret = new String(chars);
- systemSecret =
SystemSecret.builder().jwtSecret(currentJwtSecret).build();
- systemSecretService.saveConfig(systemSecret);
+ currentJwtSecret = randomizeSecret(DEFAULT_JWT_SECRET);
+ builder.jwtSecret(currentJwtSecret);
+ needUpdate = true;
} else {
currentJwtSecret = systemSecret.getJwtSecret();
}
}
// else use the user custom jwt secret
// set the jwt secret token in util
JsonWebTokenUtil.setDefaultSecretKey(currentJwtSecret);
-
+ // Aes secret config
+ if (AesUtil.ENCODE_RULES.equals(currentAesSecret)) {
+ // use the random aes secret
+ SystemSecret systemSecret = systemSecretService.getConfig();
+ if (systemSecret == null ||
StringUtils.isBlank(systemSecret.getAesSecret())) {
+ currentAesSecret = randomizeSecret(AesUtil.ENCODE_RULES);
+ builder.aesSecret(currentAesSecret);
+ } else {
+ currentAesSecret = systemSecret.getAesSecret();
+ }
+ }
+ AesUtil.setDefaultSecretKey(currentAesSecret);
Review Comment:
Hi, @bigcyy @zqr10159 @yuluo-yx I found that we overlooked an important
point. The AesUtil will be use in selfhosted `collector`, which need use the
same AesSecret with the `hertzbeat-manager`, else the `hertzbeat-collector` can
not `AesUtil.decode` the encrypted string.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
