From 8045fa8e66fb179ebd79668346b5cb77a18955f2 Mon Sep 17 00:00:00 2001
From: dash <1549469775@qq.com>
Date: Sat, 22 Nov 2025 23:53:34 +0800
Subject: [PATCH] Add JWT_SECRET generation to deploy.sh for enhanced security.
 Automatically creates or updates backend/.env with a strong random JWT_SECRET
 if not present, improving deployment process.

---
 deploy.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/deploy.sh b/deploy.sh
index cd75139..4458457 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -66,6 +66,24 @@ echo -e "${GREEN}✅ 编译工具已就绪${NC}"
 
 cp .env.backend.example backend/.env
 
+# 随机生成一个强壮的 JWT_SECRET，并写入 backend/.env（如果尚未存在）
+if [ ! -f backend/.env ]; then
+    echo -e "${BLUE}🔑 生成随机 JWT_SECRET...${NC}"
+    JWT_SECRET=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 48)
+    echo "JWT_SECRET=$JWT_SECRET" > backend/.env
+    echo -e "${GREEN}✅ 已生成 backend/.env 并写入 JWT_SECRET${NC}"
+else
+    # 若已存在 .env，检查是否包含 JWT_SECRET，没有则添加
+    if ! grep -q "^JWT_SECRET=" backend/.env; then
+        echo -e "${BLUE}🔑 写入随机 JWT_SECRET 到已有 backend/.env...${NC}"
+        JWT_SECRET=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 48)
+        echo "JWT_SECRET=$JWT_SECRET" >> backend/.env
+        echo -e "${GREEN}✅ 已写入随机 JWT_SECRET 到 backend/.env${NC}"
+    else
+        echo -e "${YELLOW}ℹ️ backend/.env 已存在 JWT_SECRET，跳过自动生成${NC}"
+    fi
+fi
+
 echo -e "${BLUE}📦 安装依赖...${NC}"
 pnpm install:all
 echo -e "${BLUE}📦 依赖安装完成${NC}"