fix: jwt signing key 使用随机字符串存入数据库

backend/constant/session.go

@@ -6,7 +6,6 @@ const (
 
 	AuthMethodJWT = "jwt"
 	JWTHeaderName = "Authorization"
-	JWTSigningKey = "1panelKey"
 	JWTBufferTime = 86400
 	JWTIssuer     = "1Panel"
 

backend/init/migration/migrations/init.go

@@ -7,6 +7,7 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/app/model"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/common"
 
 	"github.com/go-gormigrate/gormigrate/v2"
 	"gorm.io/gorm"
@@ -93,6 +94,10 @@ var AddTableSetting = &gormigrate.Migration{
 		if err := tx.Create(&model.Setting{Key: "SecurityEntrance", Value: "onepanel"}).Error; err != nil {
 			return err
 		}
+		if err := tx.Create(&model.Setting{Key: "JWTSigningKey", Value: common.RandStr(16)}).Error; err != nil {
+			return err
+		}
+
 		if err := tx.Create(&model.Setting{Key: "ExpirationTime", Value: time.Now().AddDate(0, 0, 10).Format("2006-01-02 15:04:05")}).Error; err != nil {
 			return err
 		}

backend/utils/jwt/jwt.go

@@ -3,6 +3,7 @@ package jwt
 import (
 	"time"
 
+	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 
 	"github.com/golang-jwt/jwt/v4"
@@ -30,8 +31,10 @@ type BaseClaims struct {
 }
 
 func NewJWT() *JWT {
+	settingRepo := repo.NewISettingRepo()
+	jwtSign, _ := settingRepo.Get(settingRepo.WithByKey("JWTSigningKey"))
 	return &JWT{
-		[]byte(constant.JWTSigningKey),
+		[]byte(jwtSign.Value),
 	}
 }