fix(plugin): enhanced AES encryption security (#533)

2025-08-04 20:03:31 +08:00
parent 36923bd0a4
commit f80d4f757b
8 changed files with 230 additions and 22 deletions
--- a/backend/domain/plugin/service/plugin_oauth.go
+++ b/backend/domain/plugin/service/plugin_oauth.go
@@ -437,7 +437,13 @@ func genAuthURL(info *entity.AuthorizationCodeInfo) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("marshal state failed, err=%v", err)
 	}
-	encryptState, err := utils.EncryptByAES(stateStr, utils.StateSecretKey)
+
+	secret := os.Getenv(utils.StateSecretEnv)
+	if secret == "" {
+		secret = utils.DefaultStateSecret
+	}
+
+	encryptState, err := utils.EncryptByAES(stateStr, secret)
 	if err != nil {
 		return "", fmt.Errorf("encrypt state failed, err=%v", err)
 	}