Merge pull request #169 from linhaojun857/dev

Fix safety problem

aurora-springboot/src/main/java/com/aurora/constant/AuthConstant.java

@@ -10,6 +10,4 @@ public interface AuthConstant {
 
     String TOKEN_PREFIX = "Bearer ";
 
-    String SECRET = "huaweimian";
-
 }

aurora-springboot/src/main/java/com/aurora/service/impl/TokenServiceImpl.java

@@ -7,6 +7,7 @@ import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 
@@ -26,6 +27,9 @@ import static com.aurora.constant.RedisConstant.LOGIN_USER;
 @Service
 public class TokenServiceImpl implements TokenService {
 
+    @Value("${jwt.secret}")
+    private String secret;
+
     @Autowired
     private RedisService redisService;
 
@@ -89,7 +93,7 @@ public class TokenServiceImpl implements TokenService {
     }
 
     public SecretKey generalKey() {
-        byte[] encodedKey = Base64.getDecoder().decode(SECRET);
+        byte[] encodedKey = Base64.getDecoder().decode(secret);
         return new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
     }
 

aurora-springboot/src/main/resources/application-prod.yml

@@ -77,6 +77,9 @@ mybatis-plus:
     log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
     map-underscore-to-camel-case: true
 
+jwt:
+  secret: aurora
+
 search:
   mode: elasticsearch