From 1c3794f151a99f9697de636cd30a4e509edf30a1 Mon Sep 17 00:00:00 2001
From: 145425491 <1245294786@qq.com>
Date: Tue, 2 Jul 2024 10:17:48 +0800
Subject: [PATCH 1/3] fix(server): Random generate default jwt secret key
---
 .../apache/hugegraph/auth/StandardAuthManager.java | 1 +
 .../org/apache/hugegraph/config/AuthOptions.java | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
index 6f84cbf290..8f05775ee7 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
@@ -107,6 +107,7 @@ public StandardAuthManager(HugeGraphParams graph) {
 HugeAccess::fromEdge);
 this.tokenGenerator = new TokenGenerator(config);
+ LOG.info("Key of default JWT token is generated randomly now");
 this.ipWhiteList = new HashSet<>();
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
index af04934610..045f00e65b 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -21,6 +21,9 @@
 import static org.apache.hugegraph.config.OptionChecker.rangeDouble;
 import static org.apache.hugegraph.config.OptionChecker.rangeInt;
+import java.security.SecureRandom;
+import java.util.Base64;
+
 public class AuthOptions extends OptionHolder {
 private AuthOptions() {
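Review bot: The added `LOG.info` in the StandardAuthManager constructor (hunk `@@ -107,6 +107,7 @@`) is emitted on every start, including when the operator has configured `auth.token_secret` explicitly, so the message is wrong for exactly the deployments that set a key; the reworded line in the third patch (`@@ -107,7 +107,7 @@`) has the same issue. Because the default is computed once per JVM in AuthOptions, I'd gate the log on the effective value being the generated default and raise it to WARN, e.g. `if (<secret equals the option's default — placeholder>) { LOG.warn("auth.token_secret is not configured; using a random key that changes on every restart and differs per node"); }`. An ephemeral signing key means tokens issued before a restart stop verifying afterwards and, unless a shared store I can't see here exists, tokens from one server are rejected by another. The constructor continues outside the hunk.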
@@ -82,7 +85,7 @@ public static synchronized AuthOptions instance() {
 "through rpc forwarding. The remote url can be set to " +
 "multiple addresses, which are concat by ','.",
 null,
- ""
+ generateRandomBase64Key()
 );
 public static final ConfigOption AUTH_TOKEN_SECRET =
@@ -126,4 +129,11 @@ public static synchronized AuthOptions instance() {
 rangeInt(0L, Long.MAX_VALUE),
 (3600 * 24L)
 );
+
+ private static String generateRandomBase64Key() {
+ SecureRandom random = new SecureRandom();
+ byte[] bytes = new byte[32]; // 32 bytes for HMAC-SHA256
+ random.nextBytes(bytes);
+ return Base64.getEncoder().encodeToString(bytes);
+ }
 }
From 146046913f45be5076fa8893a5463eac8969f5be Mon Sep 17 00:00:00 2001
From: 145425491 <1245294786@qq.com>
Date: Fri, 5 Jul 2024 15:16:43 +0800
Subject: [PATCH 2/3] fix(server): random generate default jwt secret key
---
 .../main/java/org/apache/hugegraph/config/AuthOptions.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
index 045f00e65b..3cd27bf3f4 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -85,7 +85,7 @@ public static synchronized AuthOptions instance() {
 "through rpc forwarding. The remote url can be set to " +
 "multiple addresses, which are concat by ','.",
 null,
- generateRandomBase64Key()
+ ""
 );
 public static final ConfigOption AUTH_TOKEN_SECRET =
@@ -93,7 +93,7 @@ public static synchronized AuthOptions instance() {
 "auth.token_secret",
 "Secret key of HS256 algorithm.",
 disallowEmpty(),
- "FXQXbJtbCLxODc6tGci732pkH1cyf8Qg"
+ generateRandomBase64Key()
 );
 public static final ConfigOption AUTH_AUDIT_LOG_RATE =
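Review bot: `generateRandomBase64Key()` (hunk `@@ -126,4 +129,11 @@`) has no Javadoc, and the one property every caller must know — each invocation returns a different value, so an option default built from it is fixed only for the lifetime of the JVM — is stated nowhere in the hunk. I'd add a short Javadoc above it saying that it returns 32 bytes from `SecureRandom` (the 256 bits HS256 requires) encoded as a standard Base64 string, and that a fresh value is produced on every call and therefore on every process start. Since the encoder is `Base64.getEncoder()`, the result may contain `+`, `/` and `=`; harmless for an in-memory key, but worth a sentence if the value is ever meant to be copied into a properties file. The enclosing class continues outside the hunk.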
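Review bot: With `generateRandomBase64Key()` as the default of `auth.token_secret` (hunk `@@ -93,7 +93,7 @@`), the description `"Secret key of HS256 algorithm."` no longer tells an operator what they now need to know: if the key is left unset, tokens are signed with a per-process value that is regenerated on every restart and differs on every server, so tokens from one node will not verify on another. I'd extend the description, e.g. `"Secret key of HS256 algorithm. If unset, a random key is generated at startup; it is not persisted and differs per server, so set it explicitly for restarts and clusters."`. Replacing the previous hard-coded, publicly known value is the right call; the documentation just has to carry the new operational caveat. Note that `disallowEmpty()` still guards a configured value, which is good, but nothing checks its length, so a user-supplied short secret is still accepted as-is.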
From 85c2b6df2e45279b6f25b34d2366ea77a2a53470 Mon Sep 17 00:00:00 2001
From: imbajin
Date: Sat, 13 Jul 2024 20:28:51 +0800
Subject: [PATCH 3/3] Apply suggestions from code review
---
 .../java/org/apache/hugegraph/auth/StandardAuthManager.java | 2 +-
 .../src/main/java/org/apache/hugegraph/config/AuthOptions.java | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
index 8f05775ee7..103c58afca 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/auth/StandardAuthManager.java
@@ -107,7 +107,7 @@ public StandardAuthManager(HugeGraphParams graph) {
 HugeAccess::fromEdge);
 this.tokenGenerator = new TokenGenerator(config);
- LOG.info("Key of default JWT token is generated randomly now");
+ LOG.info("Randomly generate a JWT secret key now");
 this.ipWhiteList = new HashSet<>();
diff --git a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
index 3cd27bf3f4..c996082dab 100644
--- a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
+++ b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -132,7 +132,8 @@ public static synchronized AuthOptions instance() {
 private static String generateRandomBase64Key() {
 SecureRandom random = new SecureRandom();
- byte[] bytes = new byte[32]; // 32 bytes for HMAC-SHA256
+ // 32 bytes for HMAC-SHA256
+ byte[] bytes = new byte[32];
 random.nextBytes(bytes);
 return Base64.getEncoder().encodeToString(bytes);
 }