fix: 自动生成 SESSION_SECRET 配置
- 新安装时自动生成随机 SESSION_SECRET - 更新时自动补充缺失的 SESSION_SECRET - 避免生产环境因缺少密钥而启动失败 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
16
install.sh
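--- a/install.sh
+++ b/install.sh
@@ -2111,6 +2111,9 @@ create_env_file() {
 # 生成随机JWT密钥
 JWT_SECRET=$(openssl rand -base64 32)
 
+# 生成随机Session密钥
+SESSION_SECRET=$(openssl rand -hex 32)
+
 # ========== CORS 安全配置自动生成 ==========
 # 根据部署模式自动配置 ALLOWED_ORIGINS 和 COOKIE_SECURE
 
@@ -2156,6 +2159,9 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD}
 # JWT密钥
 JWT_SECRET=${JWT_SECRET}
 
+# Session密钥(用于会话管理)
+SESSION_SECRET=${SESSION_SECRET}
+
 # 数据库路径
 DATABASE_PATH=./data/database.db
 
@@ -3856,6 +3862,16 @@ update_patch_env() {
 else
 print_info ".env 已包含 TRUST_PROXY,保持不变"
 fi
+
+# 检查 SESSION_SECRET(会话安全配置,生产环境必需)
+if ! grep -q "^SESSION_SECRET=" "${PROJECT_DIR}/backend/.env"; then
+# 自动生成随机 Session 密钥
+NEW_SESSION_SECRET=$(openssl rand -hex 32)
+echo "SESSION_SECRET=${NEW_SESSION_SECRET}" >> "${PROJECT_DIR}/backend/.env"
+print_warning "已为现有 .env 补充 SESSION_SECRET(已自动生成安全密钥)"
+else
+print_info ".env 已包含 SESSION_SECRET,保持不变"
+fi
 else
 print_warning "未找到 ${PROJECT_DIR}/backend/.env,请手动确认配置"
 fi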
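Review bot: In the `update_patch_env` hunk the output of `openssl rand -hex 32` is appended without being checked, so if openssl is missing or fails (and the script is not under `set -e`, which the hunk does not show) the file receives an empty `SESSION_SECRET=` line. Because the presence test is `grep -q "^SESSION_SECRET="`, every later update then reports the key as already present and the empty secret is never repaired. I would guard the append with `if [ -n "${NEW_SESSION_SECRET}" ]; then` and emit a warning instead of writing when the value is empty. The same unchecked generation appears in the `create_env_file` hunk (`SESSION_SECRET=$(openssl rand -hex 32)`), where an empty value would be written into the new `.env` template. Both function bodies start and end outside the hunks shown, so any existing error handling around them is not visible here.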