demozx / gf_cms

Enterprise website content management system based on goframe v2
45 stars, 11 forks

Hardcoded Secret Key in JWT Authentication Initialization #5

Closed. gtqbhksl closed this issue 1 week ago.

gtqbhksl commented 3 weeks ago

```go
func init() {
	service.RegisterAuth(New())

	auth := jwt.New(&jwt.GfJWTMiddleware{
		Realm: "test zone",
		// Hard-coded HMAC signing key: anyone who can read the source
		// (or the binary) can mint and verify tokens for this deployment.
		Key:             []byte("secret key"),
		Timeout:         time.Minute * 5,
		MaxRefresh:      time.Minute * 5,
		IdentityKey:     "id",
		TokenLookup:     "header: Authorization, query: token, cookie: jwt",
		TokenHeadName:   "Bearer",
		TimeFunc:        time.Now,
		Authenticator:   Auth().Authenticator,
		Unauthorized:    Auth().Unauthorized,
		PayloadFunc:     Auth().PayloadFunc,
		IdentityHandler: Auth().IdentityHandler,
	})
	authService = auth
}
```

In file internal/logic/auth/auth. at line 37, there is a hard-coded Key value, namely "secret key". Hard-coded credentials (such as keys, passwords, API keys, etc.) are one of the common mistakes in security development. If an attacker has access to these hard-coded credentials, they may be able to exploit this data to access a system or service. Hard-coded credentials often lead to security risks because they make it easier for attackers to obtain sensitive information and potentially use it to perform malicious activities.
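As an added illustration of the fix pattern (this is example code written for this page, not gf_cms's own code or the patch demozx applied), the following Go program loads the JWT signing key from configuration at startup instead of embedding it in `init()`. It refuses to start when the key is missing, shorter than the 32 bytes HS256 requires, or one of a few well-known placeholder strings including the literal `"secret key"` from the report, and it generates a random key in the format the loader accepts. The environment variable name `GF_CMS_JWT_KEY` and the placeholder list are assumptions for the example; the `Sign`/`Verify` helpers show the key in use with plain `crypto/hmac` rather than gf-jwt so the program runs stand-alone.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

// minKeyBytes is the minimum HMAC key length for HS256: RFC 7518 section 3.2
// requires a key of at least 256 bits (32 bytes).
const minKeyBytes = 32

// keyEnv is the (assumed, example-only) environment variable holding the key.
const keyEnv = "GF_CMS_JWT_KEY"

var (
	ErrMissingKey = errors.New("jwt signing key not configured")
	ErrWeakKey    = errors.New("jwt signing key is too short or a known placeholder")
)

// placeholders are values that must never be accepted as a signing key.
// "secret key" is the literal from the vulnerable init() in this issue.
var placeholders = map[string]bool{
	"secret key": true,
	"secret":     true,
	"changeme":   true,
}

// LoadJWTKey reads the signing key through lookup (os.Getenv in production;
// a map-backed function in tests) and rejects missing, short or placeholder
// values, so a misconfigured deployment fails at startup instead of running
// with a guessable key.
func LoadJWTKey(lookup func(string) string) ([]byte, error) {
	raw := strings.TrimSpace(lookup(keyEnv))
	if raw == "" {
		return nil, ErrMissingKey
	}
	if placeholders[strings.ToLower(raw)] {
		return nil, ErrWeakKey
	}
	// Accept a hex-encoded key (the recommended way to carry random bytes
	// through an environment variable) or, failing that, the raw string.
	key, err := hex.DecodeString(raw)
	if err != nil {
		key = []byte(raw)
	}
	if len(key) < minKeyBytes {
		return nil, ErrWeakKey
	}
	return key, nil
}

// NewRandomKeyHex generates a fresh 32-byte key from crypto/rand, hex-encoded
// for storage in a secret manager or environment variable.
func NewRandomKeyHex() (string, error) {
	buf := make([]byte, minKeyBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// Sign computes the HS256 signature over a JWT signing input ("header.payload").
func Sign(key []byte, signingInput string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Verify checks a presented signature against key in constant time.
func Verify(key []byte, signingInput, sig string) bool {
	want, err := base64.RawURLEncoding.DecodeString(sig)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return hmac.Equal(mac.Sum(nil), want)
}

func main() {
	key, err := LoadJWTKey(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "startup refused:", err)
		os.Exit(1)
	}
	fmt.Printf("loaded %d-byte jwt key\n", len(key))
}
```

Generate a value with `NewRandomKeyHex`, store it in the deployment's secret store, and export it as `GF_CMS_JWT_KEY`; rotating the key invalidates every token signed under the old one, which is exactly what a leaked hard-coded key requires.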

demozx commented 3 weeks ago

@gtqbhksl Thanks, I fixed it