Hardcoded Secret Key in JWT Authentication Initialization

[gtqbhksl]

func init() {
service.RegisterAuth(New())

auth := jwt.New(&jwt.GfJWTMiddleware{
	Realm:           "test zone",
	Key:             []byte("secret key"),
	Timeout:         time.Minute * 5,
	MaxRefresh:      time.Minute * 5,
	IdentityKey:     "id",
	TokenLookup:     "header: Authorization, query: token, cookie: jwt",
	TokenHeadName:   "Bearer",
	TimeFunc:        time.Now,
	Authenticator:   Auth().Authenticator,
	Unauthorized:    Auth().Unauthorized,
	PayloadFunc:     Auth().PayloadFunc,
	IdentityHandler: Auth().IdentityHandler,
})
authService = auth

}

In file internal/logic/auth/auth. line 37, there is a hard coded Key (Key) value, namely the "secret Key". Hard-coded credentials (such as keys, passwords, API keys, etc.) are one of the common mistakes of security development. If an attacker has access to these hard-coded credentials, they may be able to exploit them
Data to access a system or service. Hard-coded credentials often lead to security risks because they make it easier for attackers to obtain sensitive information and potentially use it to perform malicious activities.

[demozx]

@gtqbhksl Thanks, I fixed it