From 1bb214f6c7e47f5681baf62189b765e2a061cfa8 Mon Sep 17 00:00:00 2001
From: Ranjiwei <32759763+r350178982@users.noreply.github.com>
Date: Thu, 29 Aug 2024 16:09:39 +0800
Subject: [PATCH] Update internal_api.py (#6661)

* Update internal_api.py

* update

* Update utils.py

* Update utils.py

* update

* Update utils.py

* Update settings.py
---
 seahub/api2/utils.py | 6 ++++--
 seahub/settings.py   | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/seahub/api2/utils.py b/seahub/api2/utils.py
index 6c5f35218a..85c80dde33 100644
--- a/seahub/api2/utils.py
+++ b/seahub/api2/utils.py
@@ -33,7 +33,9 @@ from seahub.avatar.templatetags.avatar_tags import api_avatar_url
 from seahub.utils import get_user_repos
 from seahub.utils.mail import send_html_email_with_dj_template
 from django.utils.translation import gettext as _
-from seahub.settings import SECRET_KEY
+import seahub.settings as settings
+
+JWT_PRIVATE_KEY = getattr(settings, 'JWT_PRIVATE_KEY', '')
 
 logger = logging.getLogger(__name__)
 
@@ -331,7 +333,7 @@ def is_valid_internal_jwt(auth):
         return False
 
     try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
+        payload = jwt.decode(token, JWT_PRIVATE_KEY, algorithms=['HS256'])
     except:
         return False
     else:
diff --git a/seahub/settings.py b/seahub/settings.py
index 87827ecec4..7e3c2ab5df 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -122,6 +122,8 @@ STATICFILES_FINDERS = (
 # Make this unique, and don't share it with anybody.
 SECRET_KEY = 'n*v0=jz-1rz@(4gx^tf%6^e7c&um@2)g-l=3_)t@19a69n1nv6'
 
+JWT_PRIVATE_KEY = ''
+
 ENABLE_REMOTE_USER_AUTHENTICATION = False
 
 # Order is important
@@ -970,6 +972,8 @@ else:
     load_local_settings(seahub_settings)
     del seahub_settings
 
+JWT_PRIVATE_KEY = os.environ.get('JWT_PRIVATE_KEY', '') or JWT_PRIVATE_KEY
+
 # Remove install_topdir from path
 sys.path.pop(0)