237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
175087c89444c36729c9f5f825804023ff6d76de
vue-driven-cloud-storage/deploy.sh
喻勇祥 a953bda39a 安全: 修复JWT密钥使用默认值的安全隐患 
问题描述:
- JWT_SECRET使用硬编码默认值,存在严重安全风险
- 生产环境token可被轻易伪造

修复内容:
1. 在auth.js中添加JWT密钥安全检查
   - 检测默认密钥并发出警告
   - 生产环境强制要求设置JWT_SECRET
2. 更新.env.example添加JWT_SECRET配置说明
   - 提供密钥生成方法
   - 添加其他安全配置项
3. 优化deploy.sh部署脚本
   - 自动生成随机JWT密钥
   - 检测并替换默认密钥

影响范围: 安全认证模块

测试建议:
- 启动服务验证JWT_SECRET警告正常显示
- 使用deploy.sh部署验证自动生成密钥

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 13:17:57 +08:00

149 lines
3.9 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# 玩玩云一键部署脚本
# 使用方法: bash deploy.sh
set -e
echo "========================================="
echo " 玩玩云 - 一键部署脚本"
echo "========================================="
echo ""
# 检查Docker
if ! command -v docker &> /dev/null; then
echo "❌ 错误: Docker未安装"
echo "请先安装Docker: https://docs.docker.com/engine/install/"
exit 1
fi
# 检查Docker Compose
if ! command -v docker-compose &> /dev/null; then
echo "❌ 错误: Docker Compose未安装"
echo "请先安装Docker Compose: https://docs.docker.com/compose/install/"
exit 1
fi
echo "✓ Docker版本: $(docker --version)"
echo "✓ Docker Compose版本: $(docker-compose --version)"
echo ""
# 检查必要的目录
echo "📁 检查项目结构..."
REQUIRED_DIRS=("backend" "frontend" "nginx")
for dir in "${REQUIRED_DIRS[@]}"; do
if [ ! -d "$dir" ]; then
echo "❌ 错误: 缺少 $dir 目录"
exit 1
fi
done
echo "✓ 项目结构完整"
echo ""
# 创建必要的目录
echo "📂 创建必要的目录..."
mkdir -p certbot/conf
mkdir -p certbot/www
mkdir -p backend/uploads
mkdir -p storage
echo "✓ 目录创建完成"
echo ""
# 检查.env文件并生成JWT密钥
echo "🔐 配置环境变量..."
if [ ! -f "backend/.env" ]; then
echo "⚠️ backend/.env 文件不存在,正在创建..."
if [ -f "backend/.env.example" ]; then
cp backend/.env.example backend/.env
echo "✓ 已从.env.example创建.env文件"
else
echo "⚠️ .env.example不存在创建基础配置"
cat > backend/.env << 'ENVEOF'
PORT=40001
NODE_ENV=production
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin123
STORAGE_ROOT=/app/storage
ALLOWED_ORIGINS=*
COOKIE_SECURE=false
ENVEOF
fi
# 生成随机JWT密钥
echo "🔑 生成随机JWT密钥..."
JWT_SECRET=$(openssl rand -hex 32 2>/dev/null || cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
# 替换或添加JWT_SECRET
if grep -q "^JWT_SECRET=" backend/.env; then
sed -i "s|^JWT_SECRET=.*|JWT_SECRET=$JWT_SECRET|" backend/.env
else
echo "JWT_SECRET=$JWT_SECRET" >> backend/.env
fi
echo "✓ JWT密钥已生成并保存"
else
echo "✓ backend/.env 文件已存在"
# 检查JWT_SECRET是否为默认值
if grep -q "^JWT_SECRET=your-secret-key" backend/.env; then
echo "⚠️ 检测到JWT_SECRET使用默认值正在生成新密钥..."
JWT_SECRET=$(openssl rand -hex 32 2>/dev/null || cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
sed -i "s|^JWT_SECRET=.*|JWT_SECRET=$JWT_SECRET|" backend/.env
echo "✓ JWT密钥已更新"
fi
fi
echo ""
# 停止旧容器
echo "🔄 停止旧容器..."
docker-compose down 2>/dev/null || true
echo "✓ 旧容器已停止"
echo ""
# 构建并启动
echo "🚀 构建并启动服务..."
docker-compose up --build -d
# 等待服务启动
echo ""
echo "⏳ 等待服务启动..."
sleep 5
# 检查容器状态
echo ""
echo "📊 检查容器状态..."
docker-compose ps
# 检查后端日志
echo ""
echo "📝 后端启动日志:"
docker-compose logs --tail=20 backend
# 显示访问信息
echo ""
echo "========================================="
echo " 🎉 部署完成!"
echo "========================================="
echo ""
echo "📍 访问地址:"
echo " 前端: http://localhost:8080"
echo " 后端API: http://localhost:40001"
echo ""
echo "👤 默认管理员账号:"
echo " 用户名: admin"
echo " 密码: admin123"
echo " ⚠️ 请立即登录并修改密码!"
echo ""
echo "🔐 安全提示:"
echo " JWT密钥已自动生成保存在 backend/.env 中"
echo " 请妥善保管该文件!"
echo ""
echo "📚 查看日志:"
echo " docker-compose logs -f"
echo ""
echo "🛑 停止服务:"
echo " docker-compose down"
echo ""
echo "========================================="
Reference in New Issue View Git Blame Copy Permalink