From 651a7cf83e1a548c6ecd5cbb8cc82fc8fee52254 Mon Sep 17 00:00:00 2001
From: yusing
Date: Tue, 18 Feb 2025 02:27:45 +0800
Subject: [PATCH] enable auth by default with temporary random JWT
---
 cmd/main.go | 6 +++++-
 internal/api/v1/auth/auth.go | 2 --
 internal/common/crypto.go | 10 ++++++++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/cmd/main.go b/cmd/main.go
index 154bc90..652c9b4 100755
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -82,7 +82,11 @@ func main() {
 homepage.InitOverridesConfig,
 favicon.InitIconCache,
 )
- // logging.AddHook(notif.GetDispatcher())
+
+ if common.APIJWTSecret == nil {
+ logging.Warn().Msg("API_JWT_SECRET is not set, using random key")
+ common.APIJWTSecret = common.RandomJWTKey()
+ }
 } else {
 logging.DiscardLogger()
 }
diff --git a/internal/api/v1/auth/auth.go b/internal/api/v1/auth/auth.go
index 705c74b..c579d4a 100644
--- a/internal/api/v1/auth/auth.go
+++ b/internal/api/v1/auth/auth.go
@@ -4,7 +4,6 @@ import (
 "net/http"
 "github.com/yusing/go-proxy/internal/common"
- "github.com/yusing/go-proxy/internal/logging"
 "github.com/yusing/go-proxy/internal/net/gphttp"
 )
@@ -13,7 +12,6 @@ var defaultAuth Provider
 // Initialize sets up authentication providers.
 func Initialize() error {
 if !IsEnabled() {
- logging.Warn().Msg("authentication is disabled, please set API_JWT_SECRET or OIDC_* to enable authentication")
 return nil
 }
diff --git a/internal/common/crypto.go b/internal/common/crypto.go
index 6214a57..3dcc204 100644
--- a/internal/common/crypto.go
+++ b/internal/common/crypto.go
@@ -1,6 +1,7 @@
 package common
 import (
+ "crypto/rand"
 "encoding/base64"
 "github.com/rs/zerolog/log"
@@ -16,3 +17,12 @@ func decodeJWTKey(key string) []byte {
 }
 return bytes
 }
+
+func RandomJWTKey() []byte {
+ key := make([]byte, 32)
+ _, err := rand.Read(key)
+ if err != nil {
+ log.Panic().Err(err).Msg("failed to generate random jwt key")
+ }
+ return key
+}
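Review bot: In cmd/main.go the new `if common.APIJWTSecret == nil` fallback only enables authentication if everything that reads `common.APIJWTSecret` runs after this assignment, and the hunk does not show where `auth.Initialize()` or `IsEnabled()` are evaluated relative to it. That order is worth confirming, along with whether anything started by the init list above reads the variable concurrently, because the same commit removes the "authentication is disabled" warning in auth.go and a miss would now be silent. The warning text also understates what an ephemeral key means for operators: tokens issued before a restart stop verifying, and each replica would sign with a different key. I would spell that out, e.g. `logging.Warn().Msg("API_JWT_SECRET is not set, using a random key; tokens are invalidated on restart")`. main's body starts and ends outside the hunk.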
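Review bot: In internal/common/crypto.go the exported `RandomJWTKey` has no doc comment, and what a caller needs to know is all implicit: the key comes from `crypto/rand`, is 32 bytes long, and the function panics instead of returning an error. Suggest `// RandomJWTKey returns 32 bytes from crypto/rand for use as an ephemeral JWT signing key. It panics if the system random source fails.` Panicking is the safer behaviour here, since continuing with a zeroed or partially filled buffer would leave the API signing with a predictable key; saying so in the comment keeps a later refactor from downgrading it to a logged error. Naming the length (`const jwtKeyLen = 32`) would also make it easier to check against the signing algorithm, which is not visible in this hunk.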