给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
This commit is contained in:
@@ -0,0 +1,13 @@
|
||||
# APP ID
|
||||
NEXT_PUBLIC_APP_ID=http://your-dify-host/app/your-app-id/configuration
|
||||
|
||||
# APP API key
|
||||
NEXT_PUBLIC_APP_KEY=app-your-api-key
|
||||
|
||||
# Dify API URL
|
||||
NEXT_PUBLIC_API_URL=http://your-dify-api-url
|
||||
|
||||
# JWT Secret - 用于签名和验证前端JWT token
|
||||
# ⚠️ 生产环境请务必修改为强随机字符串(建议至少64个字符)
|
||||
# 可以使用以下命令生成: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"
|
||||
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
|
||||
Reference in New Issue
Block a user