feat(security): enhance JWT secret auto-generation warning

Add prominent warning messages when JWT secret is auto-generated:
- Use multi-line banner format for better visibility
- Include actionable guidance for production deployments
- Update both setup.go and security_secret_bootstrap.go

This helps operators notice the security concern and take
appropriate action before deploying to production.
User
2026-04-16 21:37:03 +08:00
parent a09d37dbd2
commit ebe2d250f3
2 changed files with 21 additions and 3 deletions


@@ -297,7 +297,11 @@ func Install(cfg *SetupConfig) error {
return fmt.Errorf("failed to generate jwt secret: %w", err)
}
cfg.JWT.Secret = secret
logger.LegacyPrintf("setup", "%s", "Warning: JWT secret auto-generated. Consider setting a fixed secret for production.")
// 使用更醒目的告警格式
logger.LegacyPrintf("setup", "================================================================================")
logger.LegacyPrintf("setup", "⚠️ SECURITY WARNING: JWT secret auto-generated")
logger.LegacyPrintf("setup", " For production, set JWT_SECRET environment variable or jwt.secret in config.yaml")
logger.LegacyPrintf("setup", "================================================================================")
}
// Test connections
@@ -594,7 +598,11 @@ func AutoSetupFromEnv() error {
return fmt.Errorf("failed to generate jwt secret: %w", err)
}
cfg.JWT.Secret = secret
logger.LegacyPrintf("setup", "%s", "Warning: JWT secret auto-generated. Consider setting a fixed secret for production.")
// 使用更醒目的告警格式
logger.LegacyPrintf("setup", "================================================================================")
logger.LegacyPrintf("setup", "⚠️ SECURITY WARNING: JWT secret auto-generated")
logger.LegacyPrintf("setup", " For production, set JWT_SECRET environment variable or jwt.secret in config.yaml")
logger.LegacyPrintf("setup", "================================================================================")
}
// Test database connection
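Review bot: The same four-line banner is pasted into both Install and AutoSetupFromEnv (and, per the commit message, into security_secret_bootstrap.go), so the wording can drift between copies; one helper, called as `warnAutoGeneratedJWTSecret()` (a suggested name) from each site, would keep them identical. The new calls also pass the text as the format string, whereas the line they replace used `"%s"` with the text as an argument; keeping `logger.LegacyPrintf("setup", "%s", line)` avoids a formatting surprise if a `%` is ever added to the message. The banner says what to set but not why: these hunks do not show whether the generated secret is persisted, and if it is not, issued tokens would stop validating after a restart and would differ between instances, which deserves one sentence in the message. It is also worth confirming that `JWT_SECRET` and `jwt.secret` are the exact names the config loader reads, since the operator will copy them from this log line. Both function bodies continue outside the hunks shown.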