fix: admin login session

cmd/eiblog/main.go

@@ -9,6 +9,7 @@ import (
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/file"
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/pages"
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/swag"
+	"github.com/eiblog/eiblog/tools"
 
 	"github.com/eiblog/eiblog/pkg/middleware"
 
@@ -36,7 +37,7 @@ func runHTTPServer(endRun chan error) {
 		middleware.SessionOpts{
 			Name:   "su",
 			Secure: config.Conf.RunMode.IsReleaseMode(),
-			Secret: []byte("ZGlzvcmUoMTAsICI="),
+			Secret: tools.CryptoRand(16),
 		}))
 
 	// swag

tools/tools.go

@@ -2,6 +2,7 @@
 package tools
 
 import (
+	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
 	"io"
@@ -128,3 +129,14 @@ func IgnoreHTMLTag(src string) string {
 	// 去除换行符
 	return regexpEnter.ReplaceAllString(src, "")
 }
+
+// CryptoRand random with crypto/rand
+func CryptoRand(byteLen int) []byte {
+	buf := make([]byte, byteLen)
+
+	_, err := rand.Read(buf)
+	if err != nil {
+		panic(fmt.Sprintf("rand: error reading random bytes: %s", err))
+	}
+	return buf
+}