Add random key for token to be more safer

kahverengi · kahverengi · commit 647606300454 · 2020-12-09T13:19:42.000+03:00
diff --git a/src/main/kotlin/com/parnote/util/TokenUtil.kt b/src/main/kotlin/com/parnote/util/TokenUtil.kt
@@ -3,11 +3,14 @@ package com.parnote.util
 import com.parnote.db.DatabaseManager
 import com.parnote.db.model.Token
 import io.jsonwebtoken.Jwts
+import io.jsonwebtoken.SignatureAlgorithm
+import io.jsonwebtoken.io.Encoders
 import io.jsonwebtoken.security.Keys
 import io.vertx.core.AsyncResult
 import io.vertx.ext.sql.SQLConnection
 import java.util.*
 
+
 object TokenUtil {
     enum class SUBJECT {
         LOGIN_SESSION,
@@ -32,8 +35,11 @@ object TokenUtil {
                 return@getSecretKeyByID
             }
 
+            val key = Keys.secretKeyFor(SignatureAlgorithm.HS256)
+
             val token = Jwts.builder()
                 .setSubject(subject.toString())
+                .setHeaderParam("key", Encoders.BASE64.encode(key.encoded))
                 .signWith(
                     Keys.hmacShaKeyFor(
                         Base64.getDecoder().decode(
