From 3be58b8df5bc05d2343c30371dd5fcf6a9fbbf8b Mon Sep 17 00:00:00 2001 From: zhengkunwang223 Date: Wed, 4 Jan 2023 17:28:22 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=20jwt=20=E7=A1=AC?= =?UTF-8?q?=E7=BC=96=E7=A0=81=E5=AF=BC=E8=87=B4=E7=9A=84=20k8s=20=E9=9B=86?= =?UTF-8?q?=E7=BE=A4=E6=8E=A5=E7=AE=A1=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/app.yml | 4 +++- internal/api/v1/session/session.go | 3 +-- internal/api/v1/v1.go | 3 +-- internal/config/config.go | 30 +++++++++++++++++++++++++----- internal/model/v1/config/config.go | 5 +++++ internal/server/server.go | 1 + 6 files changed, 36 insertions(+), 10 deletions(-) diff --git a/conf/app.yml b/conf/app.yml index 57041b1d..3146c6f1 100644 --- a/conf/app.yml +++ b/conf/app.yml @@ -12,4 +12,6 @@ spec: db: path: /var/lib/kubepi/db/kubepi.db session: - expires: 24 \ No newline at end of file + expires: 24 + jwt: + key: \ No newline at end of file diff --git a/internal/api/v1/session/session.go b/internal/api/v1/session/session.go index 45888aa4..59914019 100644 --- a/internal/api/v1/session/session.go +++ b/internal/api/v1/session/session.go @@ -32,7 +32,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var JwtSigKey = []byte("signature_hmac_secret_shared_key") var jwtMaxAge = 10 * time.Minute type Handler struct { @@ -51,7 +50,7 @@ func NewHandler() *Handler { roleService: role.NewService(), rolebindingService: rolebinding.NewService(), ldapService: ldap.NewService(), - jwtSigner: jwt.NewSigner(jwt.HS256, JwtSigKey, jwtMaxAge), + jwtSigner: jwt.NewSigner(jwt.HS256, server.Config().Spec.Jwt.Key, jwtMaxAge), } } diff --git a/internal/api/v1/v1.go b/internal/api/v1/v1.go index 68855088..176e366f 100644 --- a/internal/api/v1/v1.go +++ b/internal/api/v1/v1.go 
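Review bot: The empty `key:` under `jwt` is a YAML null that the loader treats as a missing key and replaces on first start by rewriting this file with a generated secret (the `WriteConfig` call in internal/config/config.go in this same patch), so the conf directory must be writable by the service and the deployed file will diverge from the committed one. A one-line comment would make that explicit: `key: # leave empty: a random signing key is generated and written here on first start`. Since the rewritten file then holds the HMAC secret, it is worth confirming the permissions `WriteConfig` leaves on it.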
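Review bot: `server.Config().Spec.Jwt.Key` is a `string`, whereas the removed `JwtSigKey` was a `[]byte`; unless `jwt.NewSigner` converts string keys itself, HS256 signing fails at runtime with an invalid-key error rather than at compile time, so this is worth checking against the middleware version in go.mod, and the same applies to the `NewVerifier` call in internal/api/v1/v1.go. The key is also read exactly once when the handler is built, so if the config loaded at startup still has an empty key the signer quietly runs with an empty HMAC secret for the life of the process; a guard before the struct literal such as `if server.Config().Spec.Jwt.Key == "" { panic("jwt: signing key is empty") }` would turn that into a start-up failure. The body of `NewHandler` starts and ends outside the hunk.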
@@ -401,8 +401,7 @@ func resourceNameInvalidHandler() iris.Handler { } func WarpedJwtHandler() iris.Handler { - - verifier := jwt.NewVerifier(jwt.HS256, session.JwtSigKey) + verifier := jwt.NewVerifier(jwt.HS256, server.Config().Spec.Jwt.Key) verifier.WithDefaultBlocklist() verifyMiddleware := verifier.Verify(func() interface{} { return new(session.UserProfile) diff --git a/internal/config/config.go b/internal/config/config.go index 5342c045..ab9c40a2 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -1,12 +1,15 @@ package config import ( + "crypto/rand" "encoding/json" "fmt" "github.com/KubeOperator/kubepi/internal/model/v1/config" "github.com/KubeOperator/kubepi/pkg/file" "github.com/coreos/etcd/pkg/fileutil" "github.com/spf13/viper" + "math/big" + "strconv" ) const configNotFoundSkipErr = "config file not found in %s, skip" @@ -17,7 +20,7 @@ var configFilePaths = []string{ "/etc/kubepi", } -func ReadConfig(c *config.Config, path ...string) error { +func ReadConfig(c *config.Config, path ...string) error { v := viper.New() v.SetConfigName("app") v.SetConfigType("yaml") @@ -41,19 +44,36 @@ func ReadConfig(c *config.Config, path ...string) error { if err := v.MergeInConfig(); err != nil { fmt.Println(fmt.Sprintf(configMergeErr, configFilePaths)) } + } var configMap map[string]interface{} if err := v.Unmarshal(&configMap); err != nil { - return err + return err } str, err := json.Marshal(&configMap) if err != nil { - return err + return err } if err := json.Unmarshal(str, &c); err != nil { - return nil + return nil + } + if c.Spec.Jwt.Key == "" { + v.Set("spec.jwt.key", generate(32)) + if err := v.WriteConfig(); err != nil { + return err + } } - return nil + return nil } +func generate(length int) string { + const base = 36 + size := big.NewInt(base) + n := make([]byte, length) + for i := range n { + c, _ := rand.Int(rand.Reader, size) + n[i] = strconv.FormatInt(c.Int64(), base)[0] + } + return string(n) +} 
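Review bot: The new stdlib imports `crypto/rand`, `math/big` and `strconv` are interleaved with the `github.com/...` ones, so the import block is no longer goimports-clean; the standard library goes in its own group ahead of third-party packages. Moving the three lines up next to `encoding/json` and `fmt` fixes it.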
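Review bot: The generated key is written to the config file but never copied into `c`, so after `ReadConfig` returns on a first start `c.Spec.Jwt.Key` is still `""`, and the signer in `session.NewHandler` and the verifier in `WarpedJwtHandler` (both changed in this patch) are built with an empty HMAC secret until the process is restarted. Assign it before persisting: `key := generate(32)`, `c.Spec.Jwt.Key = key`, `v.Set("spec.jwt.key", key)`. Separately, `generate` discards the error from `rand.Int`; if the system CSPRNG fails `c` is nil and `c.Int64()` panics with a nil dereference, so it should return `(string, error)` or at least panic with an explicit message. The pre-existing `return nil` on the `json.Unmarshal` error (only reindented here) also means a malformed config silently skips the key check.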
diff --git a/internal/model/v1/config/config.go b/internal/model/v1/config/config.go index 37221bc5..c377532c 100644 --- a/internal/model/v1/config/config.go +++ b/internal/model/v1/config/config.go @@ -12,6 +12,7 @@ type Spec struct { DB DBConfig `json:"db"` Session SessionConfig `json:"session"` Logger LoggerConfig `json:"logger"` + Jwt JwtConfig `json:"jwt"` AppId string `json:"appId"` } @@ -42,3 +43,7 @@ type DBConfig struct { type SessionConfig struct { Expires int `json:"expires"` } + +type JwtConfig struct { + Key string `json:"key"` +} diff --git a/internal/server/server.go b/internal/server/server.go index b70e3014..1949393e 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -340,6 +340,7 @@ func getDefaultConfig() *v1Config.Config { Expires: 72, }, Logger: v1Config.LoggerConfig{Level: "debug"}, + Jwt: v1Config.JwtConfig{}, }, } }
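Review bot: `Jwt`/`JwtConfig` breaks the Go initialism convention (`JWT`, `JWTConfig`, matching `DB`/`DBConfig` two lines above in the same struct); every reference to the field is introduced by this patch, so renaming now is cheap, whereas later it becomes an API change. The exported `JwtConfig` type also has no doc comment; `// JwtConfig holds the HMAC secret used to sign and verify session tokens; an empty Key is replaced by a generated one on first start.` would cover it.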
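Review bot: `Jwt: v1Config.JwtConfig{}` is the zero value the struct would have anyway, so the line changes nothing; if `getDefaultConfig` is the fallback when no config file can be read (not visible here), that path never reaches the key generation in `ReadConfig` and the server starts with an empty signing key. Either generate a key here as well or have startup refuse to proceed when `Spec.Jwt.Key` is empty. `getDefaultConfig` starts outside the hunk.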