From a65dcd220f7eca9389dbfcce2940bdf5d61a5e02 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Fri, 26 Dec 2025 11:21:47 +0800
Subject: [PATCH] :lock: Randomly generate the cookie key https://github.com/siyuan-note/siyuan/issues/16690

Signed-off-by: Daniel <845765@qq.com>
---
 kernel/harmony/kernel.go | 4 ++--
 kernel/main.go | 2 +-
 kernel/mobile/kernel.go | 4 ++--
 kernel/model/conf.go | 5 +++++
 kernel/server/serve.go | 5 +++--
 5 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/kernel/harmony/kernel.go b/kernel/harmony/kernel.go
index 731e02403..27a0f0e81 100644
--- a/kernel/harmony/kernel.go
+++ b/kernel/harmony/kernel.go
@@ -37,7 +37,7 @@ import (
 
 //export StartKernelFast
 func StartKernelFast(container, appDir, workspaceBaseDir, localIPs *C.char) {
- go server.Serve(true)
+ go server.Serve(true, model.Conf.CookieKey)
 }
 
 //export StartKernel
@@ -49,7 +49,7 @@ func StartKernel(container, appDir, workspaceBaseDir, timezoneID, localIPs, lang
 util.BootMobile(C.GoString(container), C.GoString(appDir), C.GoString(workspaceBaseDir), C.GoString(lang))
 
 model.InitConf()
- go server.Serve(false)
+ go server.Serve(false, model.Conf.CookieKey)
 go func() {
 model.InitAppearance()
 sql.InitDatabase(false)
diff --git a/kernel/main.go b/kernel/main.go
index 80b6a3462..2ac2917b4 100644
--- a/kernel/main.go
+++ b/kernel/main.go
@@ -31,7 +31,7 @@ func main() {
 util.Boot()
 
 model.InitConf()
- go server.Serve(false)
+ go server.Serve(false, model.Conf.CookieKey)
 model.InitAppearance()
 sql.InitDatabase(false)
 sql.InitHistoryDatabase(false)
diff --git a/kernel/mobile/kernel.go b/kernel/mobile/kernel.go
index 1194c7d25..82464507e 100644
--- a/kernel/mobile/kernel.go
+++ b/kernel/mobile/kernel.go
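Review bot: The argument expression `model.Conf.CookieKey` in StartKernelFast is evaluated in the caller, before `go server.Serve` even starts, and nothing in this function initializes `model.Conf`; if the fast path can run before InitConf has populated it, the new call panics on a nil pointer where the old `server.Serve(true)` needed no configuration at all. The same pattern is in StartKernelFast in kernel/mobile/kernel.go (the `@@ -197` hunk). Even with a non-nil Conf, CookieKey may still be "" in fast mode on a first run, because the key is only generated inside InitConf, so Serve would be handed an empty signing key. A call-site guard such as `key := ""; if model.Conf != nil { key = model.Conf.CookieKey }` (or having Serve refuse an empty key) would make the fast path safe; the `@@ -49` hunk calls InitConf first and is not affected.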
@@ -197,7 +197,7 @@ func VerifyAppStoreTransaction(accountToken, transactionID string) (retCode int)
 }
 
 func StartKernelFast(container, appDir, workspaceBaseDir, localIPs string) {
- go server.Serve(true)
+ go server.Serve(true, model.Conf.CookieKey)
 }
 
 func StartKernel(container, appDir, workspaceBaseDir, timezoneID, localIPs, lang, osVer string) {
@@ -208,7 +208,7 @@ func StartKernel(container, appDir, workspaceBaseDir, timezoneID, localIPs, lang
 util.BootMobile(container, appDir, workspaceBaseDir, lang)
 
 model.InitConf()
- go server.Serve(false)
+ go server.Serve(false, model.Conf.CookieKey)
 go func() {
 model.InitAppearance()
 sql.InitDatabase(false)
diff --git a/kernel/model/conf.go b/kernel/model/conf.go
index 9d8873b02..ae6f717fa 100644
--- a/kernel/model/conf.go
+++ b/kernel/model/conf.go
@@ -82,6 +82,7 @@ type AppConf struct {
 CloudRegion int `json:"cloudRegion"` // 云端区域,0:中国大陆,1:北美
 Snippet *conf.Snpt `json:"snippet"` // 代码片段
 DataIndexState int `json:"dataIndexState"` // 数据索引状态,0:已索引,1:未索引
+ CookieKey string `json:"cookieKey"` // 用于加密 Cookie 的密钥
 
 m *sync.RWMutex // 配置数据锁
 userLock *sync.RWMutex // 用户数据独立锁,避免与配置保存操作竞争
@@ -579,6 +580,10 @@ func InitConf() {
 
 Conf.DataIndexState = 0
 
+ if "" == Conf.CookieKey {
+ Conf.CookieKey = gulu.Rand.String(16)
+ }
+
 Conf.Save()
 logging.SetLogLevel(Conf.LogLevel)
diff --git a/kernel/server/serve.go b/kernel/server/serve.go
index 6c06e479c..e55ee92d2 100644
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@@ -62,7 +62,7 @@ const (
 )
 
 var (
- sessionStore = cookie.NewStore([]byte("ATN51UlxVq1Gcvdf"))
+ sessionStore cookie.Store
 
 HttpMethods = []string{
 http.MethodGet,
@@ -129,7 +129,7 @@ var (
 }
 )
 
-func Serve(fastMode bool) {
+func Serve(fastMode bool, cookieKey string) {
 gin.SetMode(gin.ReleaseMode)
 ginServer := gin.New()
 ginServer.UseH2C = true
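Review bot: In the `@@ -82` hunk of kernel/model/conf.go the new `CookieKey` field carries `json:"cookieKey"`, so Conf.Save() persists it next to ordinary settings and it rides along wherever AppConf is marshaled; if the config object is ever serialized to the front end or exported, this secret goes with it and must be blanked or excluded on that path like any other credential. The field comment also overstates what the key does: cookie.NewStore is given a single key in the serve.go hunk, which, as far as I know, makes it the HMAC signing key only, so the session cookie is authenticated but not encrypted. I would phrase the comment as `// 会话 Cookie 的签名密钥 (session cookie signing key); must never be sent to clients` so the next maintainer knows both the scope and the handling expectation.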
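Review bot: In the `@@ -579` hunk of kernel/model/conf.go, `gulu.Rand.String(16)` becomes the sole source of the session signing key, yet the entropy behind that helper is not visible in this diff; if it draws from math/rand or another non-cryptographic generator, the key is guessable and forged session cookies become possible, which is exactly the weakness the hard-coded literal was removed to close. gorilla/securecookie, which the cookie store builds on, recommends 32 or 64 bytes for the hash key, and 16 alphanumeric characters falls short of that as well. Generating the key from crypto/rand and hex-encoding it keeps it a plain string in conf.json while addressing both points; the rewrite below needs `crypto/rand` and `encoding/hex` imported in this file, and the error branch should use whatever fatal-log helper the project's logging package provides instead of the placeholder panic.
```go
	if "" == Conf.CookieKey {
		// Session cookie signing key: must come from a CSPRNG; 32 bytes per securecookie's guidance.
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic("generate cookie key: " + err.Error()) // TODO: replace with the project's fatal-log helper
		}
		Conf.CookieKey = hex.EncodeToString(key)
	}
```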
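Review bot: In the `@@ -129` hunk of kernel/server/serve.go, `Serve` is exported and now takes a security-relevant parameter, but it still has no doc comment, so a caller cannot tell from the signature whether cookieKey may be empty or what it protects. Suggest `// Serve starts the kernel HTTP server. cookieKey is the secret used to sign the session cookie store and must be a non-empty random value; callers take it from model.Conf.CookieKey after InitConf has run.` The body of Serve continues past the end of this hunk.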
@@ -143,6 +143,7 @@ func Serve(fastMode bool) {
 gzip.Gzip(gzip.DefaultCompression, gzip.WithExcludedExtensions([]string{".pdf", ".mp3", ".wav", ".ogg", ".mov", ".weba", ".mkv", ".mp4", ".webm", ".flac"})),
 )
 
+ sessionStore = cookie.NewStore([]byte(cookieKey))
 sessionStore.Options(sessions.Options{
 Path: "/",
 Secure: util.SSL,
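Review bot: `cookie.NewStore([]byte(cookieKey))` accepts an empty key without complaint, and now that the key arrives from the caller rather than a literal, an empty string (Conf not yet loaded in fast mode, or a hand-edited conf.json with `"cookieKey": ""`) yields a store that cannot sign sessions; as far as I can tell securecookie only reports the missing hash key when a cookie is later encoded, so the failure surfaces at login time rather than at startup. A guard immediately before this line, `if "" == cookieKey { /* fatal: session cookie key must not be empty */ }`, using the project's fatal-log helper, would fail fast. Note also that `sessionStore` is now a package-level variable that stays nil until this statement runs inside the `go server.Serve` goroutine, whereas it used to be initialized at package load; if anything outside Serve touches sessionStore, that read is now a nil dereference or a data race. Serve's body continues past the end of this hunk.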