给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)

This commit is contained in:
2025-10-17 15:28:22 +08:00
parent 9ec6d30573
commit 59706b70d0
70 changed files with 2279 additions and 688 deletions
+15
View File
@@ -22,9 +22,24 @@ if [ ! -f .env ]; then
echo "NEXT_PUBLIC_API_URL="
echo "NEXT_PUBLIC_APP_ID="
echo "NEXT_PUBLIC_APP_KEY="
echo "JWT_SECRET="
exit 1
fi
# 检查 JWT_SECRET 是否配置
if ! grep -q "^JWT_SECRET=" .env; then
echo "⚠️ 警告: .env 文件中未配置 JWT_SECRET"
echo "JWT_SECRET 用于签名和验证 JWT token,是必需的安全配置。"
echo "请在 .env 文件中添加:"
echo "JWT_SECRET=your-strong-random-secret-key"
echo ""
echo "可以使用以下命令生成强随机密钥:"
echo "npm run generate:jwt-secret"
exit 1
fi
echo "✅ 环境变量检查通过"
# 创建日志目录
mkdir -p logs