From 1fa56c68dde40c1aeab40a7518aea0d790dc6642 Mon Sep 17 00:00:00 2001
From: coward <coward@mrx.ltd>
Date: Fri, 12 Jul 2024 11:37:27 +0800
Subject: [PATCH] =?UTF-8?q?:art:jwt=E5=AF=86=E9=92=A5=E5=A2=9E=E5=8A=A0?=
 =?UTF-8?q?=E9=9A=8F=E6=9C=BA=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 component/jwt.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/component/jwt.go b/component/jwt.go
index ee0d8b5..2ec4315 100644
--- a/component/jwt.go
+++ b/component/jwt.go
@@ -7,6 +7,7 @@ import (
 	"gitee.ltd/lxh/logger/log"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
+	"math/rand"
 	"strings"
 	"time"
 	"wireguard-ui/config"
@@ -15,9 +16,6 @@ import (
 	"wireguard-ui/utils"
 )
 
-// jwt密钥
-//const secret = "JQo7L1RYa8ArFWuj0wC9PyM3VzmDIfXZ2d5tsTOBhNgviE64bnKqGpSckxUlHey6"
-
 type JwtComponent struct {
 	ID string `json:"id"`
 	jwt.RegisteredClaims
@@ -103,6 +101,15 @@ func (JwtComponent) ParseToken(token, secret string) (*JwtComponent, error) {
 // @param secret
 // @return string
 func (JwtComponent) GenerateSecret(secret ...string) string {
+	// 添加10个元素,增加随机性
+	for i := 0; i <= 10; i++ {
+		secret = append(secret, uuid.NewString()
+	// 混淆一下明文secret的顺序
+	n := len(secret)
+	for i := n - 1; i > 0; i-- {
+		j := rand.Intn(i + 1)
+		secret[i], secret[j] = secret[j], secret[i]
+	}
 	secretStr := strings.Join(secret, ".")
 	return utils.Hash().MD5(utils.Hash().SHA256(utils.Hash().SHA512(secretStr)))
 }