refactor: update jwt secret generator more safe for user

src/server/utils/common.ts

@@ -9,6 +9,7 @@ import _ from 'lodash';
 import { getWorkspaceWebsiteDateRange } from '../model/workspace';
 import { isCuid } from '@paralleldrive/cuid2';
 import { getMinimumUnit } from '@tianji/shared';
+import { env } from './env';
 
 export { isCuid };
 
@@ -151,8 +152,7 @@ function getDataType(value: any): string {
 /**
  * Secret for auth and cacheTokenGenerate
  */
-export const jwtSecret =
+export const jwtSecret = env.jwtSecret;
-  process.env.JWT_SECRET || hashUuid(dayjs().format('YYYYMMDD'));
 
 export function createToken(payload: any, secret = jwtSecret, options?: any) {
   return jwt.sign(payload, secret, options);

src/server/utils/env.ts

@@ -1,6 +1,13 @@
+import { v1 as uuid } from 'uuid';
+
 export const env = {
   isProd: process.env.NODE_ENV === 'production',
   isTest: process.env.NODE_ENV === 'test',
+  jwtSecret:
+    !process.env.JWT_SECRET ||
+    process.env.JWT_SECRET === 'replace-me-with-a-random-string'
+      ? uuid()
+      : process.env.JWT_SECRET,
   port: Number(process.env.PORT || 12345),
   allowRegister: checkEnvTrusty(process.env.ALLOW_REGISTER),
   allowOpenapi: checkEnvTrusty(process.env.ALLOW_OPENAPI),