From c1d73f1a453af62d15c25a79c382d9cefd8a3d2e Mon Sep 17 00:00:00 2001
From: "henry.chen" <henry.chen@trustasia.com>
Date: Fri, 25 Jul 2025 13:35:06 +0800
Subject: [PATCH] fix: admin login session

---
 cmd/eiblog/main.go |  3 ++-
 tools/tools.go     | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/cmd/eiblog/main.go b/cmd/eiblog/main.go
index c7289ff..d478279 100644
--- a/cmd/eiblog/main.go
+++ b/cmd/eiblog/main.go
@@ -9,6 +9,7 @@ import (
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/file"
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/pages"
 	"github.com/eiblog/eiblog/cmd/eiblog/handler/swag"
+	"github.com/eiblog/eiblog/tools"
 
 	"github.com/eiblog/eiblog/pkg/middleware"
 
@@ -36,7 +37,7 @@ func runHTTPServer(endRun chan error) {
 		middleware.SessionOpts{
 			Name:   "su",
 			Secure: config.Conf.RunMode.IsReleaseMode(),
-			Secret: []byte("ZGlzvcmUoMTAsICI="),
+			Secret: tools.CryptoRand(16),
 		}))
 
 	// swag
diff --git a/tools/tools.go b/tools/tools.go
index 26885d4..1f2b0f9 100644
--- a/tools/tools.go
+++ b/tools/tools.go
@@ -2,6 +2,7 @@
 package tools
 
 import (
+	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
 	"io"
@@ -128,3 +129,14 @@ func IgnoreHTMLTag(src string) string {
 	// 去除换行符
 	return regexpEnter.ReplaceAllString(src, "")
 }
+
+// CryptoRand random with crypto/rand
+func CryptoRand(byteLen int) []byte {
+	buf := make([]byte, byteLen)
+
+	_, err := rand.Read(buf)
+	if err != nil {
+		panic(fmt.Sprintf("rand: error reading random bytes: %s", err))
+	}
+	return buf
+}