From 0b14f39ce3781e3f758f155fd917cd80c9a02b64 Mon Sep 17 00:00:00 2001
From: wanhebin <wanhebin@outlook.com>
Date: Thu, 6 Apr 2023 22:45:32 +0800
Subject: [PATCH] Security fix: API secret value changed to randomly generated
 64-bit string at each startup.

---
 start.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/start.sh b/start.sh
index ed1fca4..3b4aa5b 100755
--- a/start.sh
+++ b/start.sh
@@ -100,6 +100,9 @@ cat $Temp_Dir/proxy.txt >> $Temp_Dir/config.yaml
 Work_Dir=$(cd $(dirname $0); pwd)
 Dashboard_Dir="${Work_Dir}/dashboard/public"
 sed -ri "s@^# external-ui:.*@external-ui: ${Dashboard_Dir}@g" $Conf_Dir/config.yaml
+# 随机生成并更新 API Secret
+Secret=`openssl rand -hex 32`
+sed -r -i '/^secret: /s@(secret: ).*@\1'${Secret}'@g' $Conf_Dir/config.yaml
 # Get RESTful API Secret
 Secret=`grep '^secret: ' $Conf_Dir/config.yaml | grep -Po "(?<=secret: ').*(?=')"`