更新

backend/generate_keys.py

@@ -0,0 +1,93 @@
+import hmac
+import hashlib
+import base64
+import json
+import time
+import secrets
+import string
+
+def generate_secure_secret(length=64):
+    """生成安全的随机十六进制字符串"""
+    return secrets.token_hex(length // 2)
+
+def generate_random_string(length=32):
+    """生成包含字母数字的随机字符串 (用于密码等)"""
+    chars = string.ascii_letters + string.digits
+    return ''.join(secrets.choice(chars) for _ in range(length))
+
+def base64url_encode(input_bytes):
+    return base64.urlsafe_b64encode(input_bytes).decode('utf-8').rstrip('=')
+
+def generate_jwt(role, secret):
+    # 1. Header
+    header = {
+        "alg": "HS256",
+        "typ": "JWT"
+    }
+    
+    # 2. Payload
+    now = int(time.time())
+    payload = {
+        "role": role,
+        "iss": "supabase",
+        "iat": now,
+        "exp": now + 315360000  # 10年有效期
+    }
+    
+    # Encode parts
+    header_b64 = base64url_encode(json.dumps(header).encode('utf-8'))
+    payload_b64 = base64url_encode(json.dumps(payload).encode('utf-8'))
+    
+    # 3. Signature
+    signing_input = f"{header_b64}.{payload_b64}".encode('utf-8')
+    signature = hmac.new(
+        secret.encode('utf-8'),
+        signing_input,
+        hashlib.sha256
+    ).digest()
+    signature_b64 = base64url_encode(signature)
+    
+    return f"{header_b64}.{payload_b64}.{signature_b64}"
+
+if __name__ == "__main__":
+    print("=" * 60)
+    print("🔐 Supabase 全自动配置生成器 (Zero Dependency)")
+    print("=" * 60)
+    print("正在生成所有密钥...\n")
+    
+    # 1. 自动生成主密钥
+    jwt_secret = generate_secure_secret(64)
+    
+    # 2. 基于主密钥生成 JWT
+    anon_key = generate_jwt("anon", jwt_secret)
+    service_key = generate_jwt("service_role", jwt_secret)
+    
+    # 3. 生成其他加密 Key和密码
+    vault_key = generate_secure_secret(32)
+    meta_key = generate_secure_secret(32)
+    secret_key_base = generate_secure_secret(64)
+    
+    db_password = generate_random_string(20)
+    dashboard_password = generate_random_string(16)
+    
+    # 4. 输出结果
+    print(f"✅ 生成完成！请直接复制以下内容覆盖您的 .env 文件中的对应部分：\n")
+    
+    print("-" * 20 + " [ 复制开始 ] " + "-" * 20)
+    print(f"# === 数据库安全配置 ===")
+    print(f"POSTGRES_PASSWORD={db_password}")
+    print(f"JWT_SECRET={jwt_secret}")
+    print(f"ANON_KEY={anon_key}")
+    print(f"SERVICE_ROLE_KEY={service_key}")
+    print(f"SECRET_KEY_BASE={secret_key_base}")
+    print(f"VAULT_ENC_KEY={vault_key}")
+    print(f"PG_META_CRYPTO_KEY={meta_key}")
+    print(f"\n# === 管理后台配置 ===")
+    print(f"DASHBOARD_USERNAME=admin")
+    print(f"DASHBOARD_PASSWORD={dashboard_password}")
+    print("-" * 20 + " [ 复制结束 ] " + "-" * 20)
+    
+    print("\n💡 提示：")
+    print(f"1. 数据库密码: {db_password}")
+    print(f"2. 后台登录密码: {dashboard_password}")
+    print("请妥善保管这些密码！")