feat: enhance environment variable handling and security features

common/constants.go

@@ -30,6 +30,7 @@ var DefaultCollapseSidebar = false // default value of collapse sidebar
 // Any options with "Secret", "Token" in its key won't be return by GetOptions
 
 var SessionSecret = uuid.New().String()
+var CryptoSecret = uuid.New().String()
 
 var OptionMap map[string]string
 var OptionMapRWMutex sync.RWMutex

common/crypto.go

@@ -14,7 +14,7 @@ func GenerateHMACWithKey(key []byte, data string) string {
 }
 
 func GenerateHMAC(data string) string {
-	h := hmac.New(sha256.New, []byte(SessionSecret))
+	h := hmac.New(sha256.New, []byte(CryptoSecret))
 	h.Write([]byte(data))
 	return hex.EncodeToString(h.Sum(nil))
 }

common/init.go

@@ -22,7 +22,7 @@ func printHelp() {
 	fmt.Println("Usage: one-api [--port <port>] [--log-dir <log directory>] [--version] [--help]")
 }
 
-func init() {
+func LoadEnv() {
 	flag.Parse()
 
 	if *PrintVersion {
@@ -45,6 +45,11 @@ func init() {
 			SessionSecret = ss
 		}
 	}
+	if os.Getenv("CRYPTO_SECRET") != "" {
+		CryptoSecret = os.Getenv("CRYPTO_SECRET")
+	} else {
+		CryptoSecret = SessionSecret
+	}
 	if os.Getenv("SQLITE_PATH") != "" {
 		SQLitePath = os.Getenv("SQLITE_PATH")
 	}