Browse Source

Change userJWTSecret to a random value to improve security

xcbosa-itx 2 years ago
parent
commit
2ad56ac0d0

+ 1 - 1
controller/auto-generated/framework7-framework7-bundle.min.css.cpp

@@ -1,5 +1,5 @@
 //
-// Created by xcbosa on 2023-02-08
+// Created by xcbosa on 2023-02-10
 //
 
 #include "../../processor/processor.h"

+ 1 - 1
controller/auto-generated/framework7-framework7-bundle.min.js.cpp

@@ -1,5 +1,5 @@
 //
-// Created by xcbosa on 2023-02-08
+// Created by xcbosa on 2023-02-10
 //
 
 #include "../../processor/processor.h"

+ 1 - 1
controller/auto-generated/index.css.cpp

@@ -1,5 +1,5 @@
 //
-// Created by xcbosa on 2023-02-08
+// Created by xcbosa on 2023-02-10
 //
 
 #include "../../processor/processor.h"

+ 1 - 1
controller/auto-generated/index.js.cpp

@@ -1,5 +1,5 @@
 //
-// Created by xcbosa on 2023-02-08
+// Created by xcbosa on 2023-02-10
 //
 
 #include "../../processor/processor.h"

+ 1 - 1
controller/auto-generated/sha256.js.cpp

@@ -1,5 +1,5 @@
 //
-// Created by xcbosa on 2023-02-08
+// Created by xcbosa on 2023-02-10
 //
 
 #include "../../processor/processor.h"

+ 0 - 13
frp.cpp

@@ -12,9 +12,6 @@
 #include <strstream>
 #include "frp.h"
 #include <iomanip>
-#include <chrono>
-#include <functional>
-#include <random>
 
 using namespace std;
 using namespace xc;
@@ -248,16 +245,6 @@ namespace xc::frp {
         }
     }
 
-    static string create_uuid() {
-        ostringstream stream;
-        auto random_seed = std::chrono::system_clock::now().time_since_epoch().count();
-        std::mt19937 seed_engine(random_seed);
-        std::uniform_int_distribution<std::size_t> random_gen;
-        std::size_t value = random_gen(seed_engine);
-        stream << hex << value;
-        return stream.str();
-    }
-
     ProfilePortInfo::ProfilePortInfo() { }
 
     ProfilePortInfo::ProfilePortInfo(string localIp, int localPort, int remotePort):

+ 6 - 0
main.cpp

@@ -90,7 +90,13 @@ const static strcmd install("install", "install", "安装", 0, [] (auto args) {
     cout << "安装成功。" << endl;
 });
 
+namespace xc::conf {
+    string userJWTSecret;
+}
+
 int main(int argc, char **argv) {
+    conf::userJWTSecret = create_uuid();
+
     std::cout << "FRPC WebUI HelloWorld!" << std::endl;
     CommandLineWorker cmdLine;
 

+ 13 - 0
utils/strop.cpp

@@ -3,6 +3,9 @@
 //
 
 #include "strop.h"
+#include <chrono>
+#include <functional>
+#include <random>
 
 namespace xc {
     namespace utils {
@@ -79,5 +82,15 @@ namespace xc {
             return value >= minIncluded && value < maxExcluded;
         }
 
+        string create_uuid() {
+            ostringstream stream;
+            auto random_seed = std::chrono::system_clock::now().time_since_epoch().count();
+            std::mt19937 seed_engine(random_seed);
+            std::uniform_int_distribution<std::size_t> random_gen;
+            std::size_t value = random_gen(seed_engine);
+            stream << hex << value;
+            return stream.str();
+        }
+
     } // xc
 } // utils

+ 1 - 0
utils/strop.h

@@ -21,6 +21,7 @@ namespace xc {
         int to_int(string s, bool &isSuccess);
         int to_int(string s, int defaultValue);
         bool is_in(int value, int minIncluded, int maxExcluded);
+        string create_uuid();
 
     } // xc
 } // utils

+ 1 - 1
webuiconf.h

@@ -47,7 +47,7 @@ namespace xc::conf {
     const int allowPortCountPerProfile(10);
 
     const string userPasswordSalt("eDGJ&v,.W0U(66.lVQFsKfWb*bm*M+Lj");
-    const string userJWTSecret("r)xB=P-6A4dpqXLk%03=f+*8TlXDM@%r");
+    extern string userJWTSecret;
     const string rootDir = "/etc/frpcwebui";
     const int userTokenExpireSeconds = 60 * 60 * 24;
     const vector<string> supportTypes = { "tcp", "udp" };