feat: jwt 密钥持久化存数据库

packages/server/package.json

@@ -52,6 +52,7 @@
     "markdown-it": "^13.0.1",
     "markdown-it-katex": "^2.0.3",
     "markdown-it-task-lists": "^2.1.1",
+    "mongodb": "^5.1.0",
     "mongoose": "^7.0.1",
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.1",

packages/server/src/app.module.ts

@@ -86,6 +86,7 @@ import { Pipeline, PipelineSchema } from './scheme/pipeline.schema';
 import { PipelineProvider } from './provider/pipeline/pipeline.provider';
 import { PipelineController } from './controller/admin/pipeline/pipeline.controller';
 import { TokenController } from './controller/admin/token/token.controller';
+import { initJwt } from './utils/initJwt';
 
 @Module({
   imports: [
@@ -106,11 +107,15 @@ import { TokenController } from './controller/admin/token/token.controller';
       { name: Category.name, schema: CategorySchema },
       { name: Pipeline.name, schema: PipelineSchema },
     ]),
-    JwtModule.register({
-      secret: config.jwtSecret,
-      signOptions: {
-        expiresIn: 3600 * 24 * 7,
-      },
+    JwtModule.registerAsync({
+      useFactory: async () => {
+        return {
+          secret: await initJwt(),
+          signOptions: {
+            expiresIn: 3600 * 24 * 7,
+          },
+        };
+      }
     }),
     ScheduleModule.forRoot(),
   ],

packages/server/src/config/index.ts

@@ -1,9 +1,7 @@
-import { makeSalt } from 'src/utils/crypto';
 import { loadConfig } from 'src/utils/loadConfig';
 
 export interface Config {
   mongoUrl: string;
-  jwtSecret: string;
   staticPath: string;
   codeRunnerPath: string;
   pluginRunnerPath: string;
@@ -12,8 +10,8 @@ export interface Config {
   log: string;
 }
 
-export const config: Config = {
-  mongoUrl: loadConfig('database.url', () => {
+export const loadMongoUrl = () => {
+return loadConfig('database.url', () => {
     const db = {
       host: loadConfig('database.host', 'mongo'),
       port: loadConfig('database.port', '27017'),
@@ -28,8 +26,11 @@ export const config: Config = {
       authInfo = `${db.user}:${db.passwd}@`;
 
     return `mongodb://${authInfo}${db.host}:${db.port}/${db.name}?authSource=admin`;
-  }),
-  jwtSecret: makeSalt(),
+  })
+}
+
+export const config: Config = {
+  mongoUrl: loadMongoUrl(),
   staticPath: loadConfig('static.path', '/app/static'),
   demo: loadConfig('demo', false),
   walineDB: loadConfig('waline.db', 'waline'),

packages/server/src/main.ts

@@ -14,8 +14,13 @@ import { json } from 'express';
 import { UserProvider } from './provider/user/user.provider';
 import { SettingProvider } from './provider/setting/setting.provider';
 import { WebsiteProvider } from './provider/website/website.provider';
+import { initJwt } from './utils/initJwt';
 
 async function bootstrap() {
+  const jwtSecret = await initJwt();
+  global.jwtSecret = jwtSecret;
+
+
   const app = await NestFactory.create<NestExpressApplication>(AppModule);
 
   app.use(json({ limit: '50mb' }));

packages/server/src/provider/auth/jwt.strategy.ts

@@ -1,7 +1,6 @@
 import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { ExtractJwt, Strategy } from 'passport-jwt';
-import { config } from 'src/config/index';
 import { MetaProvider } from '../meta/meta.provider';
 import { UserProvider } from '../user/user.provider';
 
@@ -14,7 +13,8 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     super({
       // 获取请求header token值
       jwtFromRequest: ExtractJwt.fromHeader('token'),
-      secretOrKey: config.jwtSecret,
+      // 从 initJwtSecret 获取 jwt 密钥
+      secretOrKey      : global.jwtSecret,
     });
   }
 

packages/server/src/provider/waline/waline.provider.ts

@@ -88,7 +88,7 @@ export class WalineProvider {
     const otherEnv = {
       SITE_NAME: siteInfo?.siteName || undefined,
       SITE_URL: siteInfo?.baseUrl || undefined,
-      JWT_TOKEN: config.jwtSecret || makeSalt(),
+      JWT_TOKEN: global.jwtSecret || makeSalt(),
     };
     const walineConfig = await this.settingProvider.getWalineSetting();
     const walineConfigEnv = this.mapConfig2Env(walineConfig);

packages/server/src/utils/initJwt.ts

@@ -0,0 +1,18 @@
+import { loadMongoUrl } from "src/config"
+import { MongoClient } from "mongodb";
+import { makeSalt } from "./crypto";
+export const initJwt = async () => {
+  const mongoUrl = await loadMongoUrl();
+  const client = new MongoClient(mongoUrl);
+  await client.connect();
+  const db = client.db();
+  const collection = db.collection("settings");
+  const jwtSetting = await collection.findOne({ type: "jwt" });
+  if (jwtSetting) {
+    return jwtSetting.value.secret;
+  }else {
+    const secret = makeSalt();
+    await collection.insertOne({ type: "jwt", value: { secret } });
+    return secret;
+  }
+}